CVE-2026-33814 (GCVE-0-2026-33814)
Vulnerability from cvelistv5 – Published: 2026-05-07 19:41 – Updated: 2026-07-02 12:05
Title
Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
Summary
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
15 references
| URL | Tags |
|---|---|
| https://go.dev/cl/761581 | |
| https://go.dev/cl/761640 | |
| https://go.dev/issue/78476 | |
| https://groups.google.com/g/golang-announce/c/qcC… | |
| https://pkg.go.dev/vuln/GO-2026-4918 | |
| https://access.redhat.com/security/cve/CVE-2026-33814 | vdb-entry, x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2467815 | issue-tracking, x_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:34342 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:23262 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:23264 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:33120 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:33123 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:33142 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:33150 | vendor-advisory, x_refsource_REDHAT |
Impacted products
15 products
| Vendor | Product | Version / CPE |
|---|---|---|
| golang.org/x/net | golang.org/x/net/http2 | Affected: 0, < 0.53.0 (semver) |
| Go standard library | net/http | Affected: 0, < 1.25.10 (semver); Affected: 1.26.0-0, < 1.26.3 (semver) |
| Red Hat | Cluster Observability Operator 1.5.0 | cpe:/a:redhat:cluster_observability_operator:1.5::el9 |
| Red Hat | Red Hat Hardened Images | cpe:/a:redhat:hummingbird:1 |
| Red Hat | Red Hat OpenShift Service Mesh 3.0 | cpe:/a:redhat:service_mesh:3.0::el9 |
| Red Hat | Red Hat OpenShift Service Mesh 3.1 | cpe:/a:redhat:service_mesh:3.1::el9 |
| Red Hat | Red Hat OpenShift Service Mesh 3.2 | cpe:/a:redhat:service_mesh:3.2::el9 |
| Red Hat | Red Hat OpenShift Service Mesh 3.3 | cpe:/a:redhat:service_mesh:3.3::el9 |
| Red Hat | Red Hat Enterprise Linux 10 | cpe:/o:redhat:enterprise_linux:10 |
| Red Hat | Red Hat Enterprise Linux 8 | cpe:/o:redhat:enterprise_linux:8 |
| Red Hat | Red Hat Enterprise Linux 9 | cpe:/o:redhat:enterprise_linux:9 |
| Red Hat | Red Hat Enterprise Linux AI (RHEL AI) 3 | cpe:/a:redhat:enterprise_linux_ai:3 |
| Red Hat | Red Hat OpenShift Container Platform 4 | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Virtualization 4 | cpe:/a:redhat:container_native_virtualization:4 |
| Red Hat | OpenShift Service Mesh 2 | cpe:/a:redhat:service_mesh:2 |
Credits
Marwan Atia (marwansamir688@gmail.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-33814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-08T18:00:53.951676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T18:01:02.989Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:cluster_observability_operator:1.5::el9"
],
"defaultStatus": "affected",
"product": "Cluster Observability Operator 1.5.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 2",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-07T19:41:17.631Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-606",
"description": "Unchecked Input for Loop Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:05:19.070Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"name": "RHBZ#2467815",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467815"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33814.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34342"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33120"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33123"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33142"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33150"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:34342: Cluster Observability Operator 1.5.0"
},
{
"lang": "en",
"value": "RHSA-2026:23262: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:23264: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:33120: Red Hat OpenShift Service Mesh 3.0"
},
{
"lang": "en",
"value": "RHSA-2026:33123: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:33142: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:33150: Red Hat OpenShift Service Mesh 3.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-07T20:01:11.324Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-07T19:41:17.631Z",
"value": "Made public."
}
],
"title": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/http2",
"product": "golang.org/x/net/http2",
"programRoutines": [
{
"name": "clientConnReadLoop.processSettingsNoWrite"
},
{
"name": "Transport.NewClientConn"
},
{
"name": "Transport.RoundTrip"
},
{
"name": "Transport.RoundTripOpt"
},
{
"name": "clientConnPool.GetClientConn"
},
{
"name": "noDialClientConnPool.GetClientConn"
},
{
"name": "noDialH2RoundTripper.NewClientConn"
},
{
"name": "noDialH2RoundTripper.RoundTrip"
},
{
"name": "unencryptedTransport.RoundTrip"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.53.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net/http",
"product": "net/http",
"programRoutines": [
{
"name": "http2clientConnReadLoop.processSettingsNoWrite"
},
{
"name": "Client.CloseIdleConnections"
},
{
"name": "Client.Do"
},
{
"name": "Client.Get"
},
{
"name": "Client.Head"
},
{
"name": "Client.Post"
},
{
"name": "Client.PostForm"
},
{
"name": "ClientConn.Close"
},
{
"name": "ClientConn.RoundTrip"
},
{
"name": "Get"
},
{
"name": "Head"
},
{
"name": "Post"
},
{
"name": "PostForm"
},
{
"name": "Transport.CloseIdleConnections"
},
{
"name": "Transport.NewClientConn"
},
{
"name": "Transport.RoundTrip"
},
{
"name": "http1ClientConn.Close"
},
{
"name": "http1ClientConn.RoundTrip"
},
{
"name": "http2Transport.NewClientConn"
},
{
"name": "http2Transport.RoundTrip"
},
{
"name": "http2Transport.RoundTripOpt"
},
{
"name": "http2clientConnPool.GetClientConn"
},
{
"name": "http2noDialClientConnPool.GetClientConn"
},
{
"name": "http2noDialH2RoundTripper.NewClientConn"
},
{
"name": "http2noDialH2RoundTripper.RoundTrip"
},
{
"name": "http2unencryptedTransport.RoundTrip"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.25.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.26.3",
"status": "affected",
"version": "1.26.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Marwan Atia (marwansamir688@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"value": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T19:41:17.631Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/761581"
},
{
"url": "https://go.dev/cl/761640"
},
{
"url": "https://go.dev/issue/78476"
},
{
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-4918"
}
],
"title": "Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2026-33814",
"datePublished": "2026-05-07T19:41:17.631Z",
"dateReserved": "2026-03-23T20:35:32.814Z",
"dateUpdated": "2026-07-02T12:05:19.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-33814",
"date": "2026-07-02",
"epss": "0.00781",
"percentile": "0.51466"
},
"vulnrichment": {
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2026:22242-1
Vulnerability from csaf_suse - Published: 2026-06-22 09:09 - Updated: 2026-06-22 09:09
Summary
Security update for google-osconfig-agent
Severity
Important
Notes
Title of the patch: Security update for google-osconfig-agent
Description of the patch: This update for google-osconfig-agent fixes the following issues
- CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers (bsc#1236533).
- CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents
(bsc#1251453).
- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially
crafted input (bsc#1251704).
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header (bsc#1260264).
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE
(bsc#1265762).
- CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key can lead to a denial of
service (bsc#1262926).
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation
bypass and privilege escalation (bsc#1266603).
- CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266171).
- CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266171).
- CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266171).
- CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
(bsc#1266171).
- CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
(bsc#1266171).
- CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent
(bsc#1266171).
- CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266171).
- CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266171).
- CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266171).
- CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts
(bsc#1266171).
- CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh
(bsc#1266171).
- CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266171).
- CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266171).
- CVE-2026-41506: github.com/go-git/go-git/v5: HTTP authentication credential leak when following redirects during
smart-HTTP clone and fetch operations (bsc#1264923).
Changes for google-osconfig-agent:
- Update to version 20260615.01
* Upgrade golang.org/x/crypto & golang.org/x/net (#1006)
- from version 20260615.00
* Add unit tests for ospatch_apt_upgrade.go (#938)
- Update to version 20260611.00
* Add unit tests for policies/policies.go PART 5 (#998)
- from version 20260610.00
* Add unit tests for policies/policies.go PART 4 (#997)
- from version 20260609.02
* squash commits (#936)
- from version 20260609.01
* Add unit tests for policies/policies.go PART 3 (#996)
- from version 20260609.00
* Add unit tests for policies/policies.go PART 2 (#991)
- from version 20260602.01
* Align format of dates and timestamp collected across Windows packages (#973)
- from version 20260602.00
* Add unit tests for config/config.go (#979)
- from version 20260528.00
* Bump github.com/containerd/containerd (#990)
- from version 20260521.00
* Cover agentconfig functionality by unit tests (#925)
- from version 20260520.04
* Add unit tests for policies/googet.go (#961)
* Bump github.com/go-git/go-git/v5 (#987)
- from version 20260520.02
* Add unit tests for policies/yum.go (#952)
* Add unit tests for policies/apt.go PART 3 (#951)
- from version 20260520.00
* Add unit tests for policies/zypper.go (#953)
- from version 20260519.00
* Add unit tests for policies/policies.go PART 1 (#949)
- from version 20260513.01
* Bump github.com/go-git/go-git/v5 (#981), this also updates
golang.org/x/net to v0.53.0 (bsc#1265762, CVE-2026-33814)
- from version 20260513.00
* upgrade a few packages (#980)
- from version 20260512.02
* Add/improve unit tests for agentendpoint/exec_task.go (#933)
- from version 20260512.01
* Cover google_update.go by unit tests (#941)
- from version 20260512.00
* Change zone for arm64 builds because of stockout (#978)
- Update to version 20260511.00
* switch to t2a-standard-2 on ARM package build (#977)
- from version 20260505.03
* Cover zypper_patch by unit tests (#958)
- from version 20260505.02
* Remove unused functions DisableAutoUpdates (#970)
- from version 20260505.01
* Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#966)
- from version 20260505.00
* Upgrade a few dependencies across the repo (#968)
+ github.com/go-git/go-git/v5 5.16.2->5.18.0 (bsc#1264923, CVE-2026-41506)
+ github.com/go-jose/go-jose/v4 4.1.3->4.1.4 (bsc#1262926, CVE-2026-34986)
+ github.com/go-viper/mapstructure/v2 2.3.0->2.4.0
+ go.opentelemetry.io/otel 1.40.0->1.41.0
+ go.opentelemetry.io/otel/sdk 1.39.0->1.43.0
- from version 20260504.01
* bump github.com/docker/cli to 29.2.0 (#962)
- from version 20260504.00
* Bump github.com/opencontainers/selinux (#960)
- Update to version 20260428.00
* Add/improve unit tests for agentendpoint/agentendpoint.go (#930)
- from version 20260427.03
* Cover config/file.go by unit tests (#935)
- from version 20260422.01
* Cover patch_linux.go by unit tests (#932)
- from version 20260422.00
* upgrade grpc package in main package and e2e tests (#959)
(bsc#1260264, CVE-2026-33186)
- from version 20260417.04
* Bump OSV-Scalibr version to v0.4.3 (#956)
- from version 20260417.03
* Add unit tests for updates_linux.go (#937)
- from version 20260417.02
* Add zone to CreateDisk step (#955)
- from version 20260417.01
* Change disk type for deb11 (#954)
- from version 20260417.00
* Add unit tests for policies/apt.go PART 1 (#950)
- from version 20260410.02
* Add unit tests for packages/pty_linux.go (#943)
- from version 20260410.01
* fix disk type for arm workflows (#948)
- from version 20260410.00
* Change machine type for arm based workflows (#946)
- Update to version 20260330.00
* bump timeouts for all workflows (#940)
- from version 20260326.00
* Cover exec_resource.go by unit tests (#934)
- from version 20260318.00
* Integrate OSConfig agent with ReportVmInventory (#923)
- from version 20260313.02
* remove cacheonly flag from yum upgrade (#924)
- from version 20260313.01
* conditions python version override (#927)
- from version 20260313.00
* Fix presubmits by explicitly set python version for rpm based systems (#926)
- from version 20260311.00
* Bump osconfig version (#922)
- from version 20260309.02
* Extend OSV scalibr extractor (#921)
- from version 20260309.01
* upgrade golang.org/x/crypto and its transitive deps (#918)
- from version 20260309.00
* Add purl to pkg info (#920)
- from version 20260306.00
* Add 'Type' field to PkgInfo (#919)
- from version 20260303.01
* Upgrade go.opentelemetry.io/otel/sdk (#913)
- from version 20260303.00
* Bump github.com/vbatts/tar-split from 0.11.5 to 0.12.2 (#908)
- from version 20260302.00
* Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.7 (#906)
- from version 20260126.00
* Bump go.opentelemetry.io/otel/sdk from 1.38.0 to 1.39.0 (#905)
* Bump github.com/sirupsen/logrus (#894)
- Update to version 20260119.00
* Bump cloud.google.com/go/storage from 1.56.0 to 1.58.0 (#899)
- Update to version 20251230.00
* chore: Migrate gsutil usage to gcloud storage (#904)
- from version 20251223.00
* fix e2e tests for report inventory (#903)
- from version 20251222.01
* Revert "Bump cloud.google.com/go/longrunning from 0.6.3 to 0.7.0 (#882)" (#902)
- from version 20251222.00
* Bump golang to the new version (#900)
- from version 20251218.00
* add new CODEOWNERS (#901)
- from version 20251217.00
* Bump cloud.google.com/go/longrunning from 0.6.3 to 0.7.0 (#882)
- Bump the golang compiler version to 1.24.5
- Update to version 20251202.00
* Revert "Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.5 (#887)" (#893)
- Update to version 20251201.00
* Revert "Bump github.com/containerd/containerd (#890)" (#892)
- Update to version 20251126.00
* Bump github.com/containerd/containerd (#890)
* Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.5 (#887)
- Update to version 20251028.00
* Bump go.opentelemetry.io/otel/sdk/metric from 1.35.0 to 1.38.0 (#886)
* Bump github.com/tidwall/pretty from 1.2.0 to 1.2.1 (#880)
- from version 20251023.02
* Create multiple_os.yaml (#883)
- from version 20251023.00
* Bump github.com/docker/go-connections from 0.4.0 to 0.6.0 (#877)
* Add test runner for e2e tests (#876)
- Update to version 20250925.00
* Bump cloud.google.com/go/auth/oauth2adapt from 0.2.7 to 0.2.8 (#870)
* Bump google.golang.org/protobuf from 1.36.6 to 1.36.9 (#874)
* Bump go.opentelemetry.io/otel from 1.35.0 to 1.38.0 (#872)
* Bump github.com/golang/glog from 1.2.4 to 1.2.5 (#830)
- Update to version 20250902.01
* Bump github.com/googleapis/enterprise-certificate-proxy (#829)
- from version 20250902.00
* update github.com/go-jose/go-jose/v4 (#869)
* Upgrade scalibr and other deps (#866)
- from version 20250901.00
* Fix possibility of path traversal for zip and tar archival (#868)
- from version 20250825.00
* set CODEOWNERS file as required by org (#863)
- from version 20250819.00
* Fix/rhel10 build centos image (#860)
- from version 20250814.00
* Fix/rhel10 build image (#859)
- from version 20250813.00
* Fix: Add RHEL 10 support to RPM startup script (#858)
- from version 20250811.00
* Remove old/sles-15-sp4-sap as image is deprecated (#857)
- Update to version 20250806.00
* Fixed JSON identifier for the universe domain (#855)
- from version 20250729.00
* Bump github.com/google/s2a-go from 0.1.8 to 0.1.9 (#828)
- from version 20250725.02
* Update utils.go (#854)
* Upgrade golang.org/x/oauth2 package to the latest. (#853)
* Bump golang.org/x/time from 0.9.0 to 0.12.0 (#839)
- from version 20250725.01
* Bump golang.org/x/oauth2 (#848)
* Port fix for debian 11 to goo package manager. (#852)
- from version 20250725.00
* Update Golang version in common.sh and skip backports
repo for debian 11 (#850)
- from version 20250723.01
* Add workflows to build package for el10 (#849)
- from version 20250721.00
* Make OS Config agent TPC aware (#846)
- from version 20250718.00
* Create workflows for new Debian 13. (#847)
- Update to version 20250703.00
* Fix sles images (#844)
- from version 20250702.00
* Remove rhel-sap 8-4 add rhel-sap 8-10 (#843)
- from version 20250701.00
* Bump the go_modules group across 1 directory with 2 updates (#840)
- Update to version 20250606.00
* Change base docker images Google's official base images. (#838)
- Update to version 20250523.01
* Add a simple no-op OS policy for user testing (#837)
- from version 20250523.00
* Introduce scalibr inventory extractor for dpkg/rpm/cos
os/filesystem extractors (linux) (#834)
* Trace GetInstalledPackages memory levels (#835)
- from version 20250520.00
- Update to version 20250513.00
* Fix rpm extractor, handle (none) value correctly. (#833)
- from version 20250512.01
* Bump github.com/envoyproxy/go-control-plane from 0.13.1 to 0.13.4 (#816)
- from version 20250512.00
* Bump golang.org/x/net from 0.39.0 to 0.40.0 (#819)
- from version 20250508.01
* cosmetic refactoring to osinfo package (#826)
- from version 20250508.00
* Refactor /inventory with dependency injection (#825)
* Add debian, ubuntu (InstalledDebPackages) snapshots (#821)
* cover packages_linux.go file with tests (#824)
* Add debian (10,11,12) GetPackageUpdates output snapshots (#822)
- from version 20250507.00
* Add InstalledRPMPackages snapshot tests (#823)
- from version 20250506.02
* Yum tests: simplify initialization of exit errors (#820)
- from version 20250506.01
* Improve test coverage for gem package manager (#818)
- from version 20250506.00
* after go/x/crypto update 0.32.0 -> 0.37.0 (#817)
- from version 20250505.01
* Improve packages package coverage (#814)
* Bump golang.org/x/net from 0.34.0 to 0.39.0 (#807)
- from version 20250505.00
* Bump golang.org/x/crypto from 0.32.0 to 0.37.0 (#806)
- from version 20250430.00
* Snapshot YumUpdates (GetPackageUpdates) output (#813)
- from version 20250428.00
* Snapshot ZypperPatches, ZypperUpdates (GetPackageUpdates) output
for sles 12, 15 testdata (#812)
- from version 20250423.00
* Introduce MatchSnapshot large test results matcher function, snapshot
apt-deb GetPackageUpdates (#811)
- from version 20250416.02
* defaultSleeper: tolerate 10% difference to reduce test flakiness (#810)
* Add output of some packagemanagers to the testdata (#808)
- from version 20250416.01
* Refactor OS Info package (#809)
- from version 20250416.00
* Report RPM inventory as YUM instead of empty SoftwarePackage
when neither Zypper nor YUM are installed. (#805)
- from version 20250414.00
* Update hash computation algorithm (#799)
- Update to version 20250320.00
* Bump github.com/envoyproxy/protoc-gen-validate from 1.1.0 to 1.2.1 (#797)
- from version 20250318.00
* Bump go.opentelemetry.io/otel/sdk/metric from 1.32.0 to 1.35.0 (#793)
- from version 20250317.02
* Bump cel.dev/expr from 0.18.0 to 0.22.0 (#792)
* Bump github.com/golang/glog from 1.2.3 to 1.2.4 in the go_modules group (#785)
- from version 20250317.01
* Bump cloud.google.com/go/logging from 1.12.0 to 1.13.0 (#774)
- from version 20250317.00
* Add tests for retryutil package. (#795)
- from version 20250306.00
* Update OWNERS (#794)
- from version 20250206.01
* Use separate counters for pre- and post-patch reboots. (#788)
- from version 20250206.00
* Update owners (#789)
- from version 20250203.00
* Fix the vet errors for constants in logging (#786)
- from version 20250122.00
* change available package check (#783)
- from version 20250121.00
* Fix Inventory reporting e2e tests. (#782)
- from version 20250120.00
* fix e2e tests (#781)
- Add -buildmode=pie to go build command line (bsc#1239948)
- from version 20240501.00 (bsc#1236533, CVE-2023-45288)
Patchnames: SUSE-SLE-Micro-6.0-764
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.4 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.4 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.7 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
89 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for google-osconfig-agent",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for google-osconfig-agent fixes the following issues\n\n- CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers (bsc#1236533).\n- CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents\n (bsc#1251453).\n- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially\n crafted input (bsc#1251704).\n- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-\n header (bsc#1260264).\n- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE\n (bsc#1265762).\n- CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key can lead to a denial of\n service (bsc#1262926).\n- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation\n bypass and privilege escalation (bsc#1266603).\n- CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh\n (bsc#1266171).\n- CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh\n (bsc#1266171).\n- CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent \n (bsc#1266171).\n- CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266171).\n- CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266171).\n- 
CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts\n (bsc#1266171).\n- CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh\n (bsc#1266171).\n- CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266171).\n- CVE-2026-41506: github.com/go-git/go-git/v5: HTTP authentication credential leak when following redirects during\n smart-HTTP clone and fetch operations (bsc#1264923).\n\nChanges for google-osconfig-agent:\n\n- Update to version 20260615.01\n * Upgrade golang.org/x/crypto \u0026 golang.org/x/net (#1006)\n- from version 20260615.00\n * Add unit tests for ospatch_apt_upgrade.go (#938)\n- Update to version 20260611.00\n * Add unit tests for policies/policies.go PART 5 (#998)\n- from version 20260610.00\n * Add unit tests for policies/policies.go PART 4 (#997)\n- from version 20260609.02\n * squash commits (#936)\n- from version 20260609.01\n * Add unit tests for policies/policies.go PART 3 (#996)\n- from version 20260609.00\n * Add unit tests for policies/policies.go PART 2 (#991)\n- from version 20260602.01\n * Align format of dates and timestamp collected across Windows packages (#973)\n- from version 20260602.00\n * Add unit tests for config/config,go (#979)\n- from version 20260528.00\n * Bump github.com/containerd/containerd (#990)\n- from version 20260521.00\n * Cover agentconfig functionality by unit tests (#925)\n- from version 20260520.04\n * Add unit tests for policies/googet.go (#961)\n * Bump github.com/go-git/go-git/v5 (#987)\n- from version 20260520.02\n * Add unit tests for policies/yum.go (#952)\n * Add unit tests for policies/apt.go PART 3 (#951)\n- from 
version 20260520.00\n * Add unit tests for policies/zypper.go (#953)\n- from version 20260519.00\n * Add unit tests for policies/policies.go PART 1 (#949)\n- from version 20260513.01\n * Bump github.com/go-git/go-git/v5 (#981), this also updates\n golang.org/x/net to v0.53.0 (bsc#1265762, CVE-2026-33814)\n- from version 20260513.00\n * upgrade a few packages (#980)\n- from version 20260512.02\n * Add/improve unit tests for agentendpoint/exec_task.go (#933)\n- from version 20260512.01\n * Cover google_update.go by unit tests (#941)\n- from version 20260512.00\n * Change zone for arm64 builds because of stockout (#978)\n- Update to version 20260511.00\n * switch to t2a-standard-2 on ARM package build (#977)\n- from version 20260505.03\n * Cover zypper_patch by unit tests (#958)\n- from version 20260505.02\n * Remove unused functions DisableAutoUpdates (#970)\n- from version 20260505.01\n * Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#966)\n- from version 20260505.00\n * Upgrade a few dependencies across the repo (#968)\n + github.com/go-git/go-git/v5 5.16.2-\u003e5.18.0 (bsc#1264923, CVE-2026-41506)\n + github.com/go-jose/go-jose/v4 4.1.3-\u003e4.1.4 (bsc#1262926, CVE-2026-34986)\n + github.com/go-viper/mapstructure/v2 2.3.0-\u003e2.4.0\n + go.opentelemetry.io/otel 1.40.0-\u003e1.41.0\n + go.opentelemetry.io/otel/sdk 1.39.0-\u003e1.43.0\n- from version 20260504.01\n * bump github.com/docker/cli to 29.2.0 (#962)\n- from version 20260504.00\n * Bump github.com/opencontainers/selinux (#960)\n- Update to version 20260428.00\n * Add/improve unit tests for agentendpoint/agentendpoint.go (#930)\n- from version 20260427.03\n * Cover config/file.go by unit tests (#935)\n- from version 20260422.01\n * Cover patch_linux.go by unit tests (#932)\n- from version 20260422.00\n * upgrade grpc package in main package and e2e tests (#959)\n (bsc#1260264, CVE-2026-33186)\n- from version 20260417.04\n * Bump OSV-Scalibr version to v0.4.3 (#956)\n- 
from version 20260417.03\n * Add unit tests for updates_linux.go (#937)\n- from version 20260417.02\n * Add zone to CreateDisk step (#955)\n- from version 20260417.01\n * Change disk type for deb11 (#954)\n- from version 20260417.00\n * Add unit tests for policies/apt.go PART 1 (#950)\n- from version 20260410.02\n * Add unit tests for packages/pty_linux.go (#943)\n- from version 20260410.01\n * fix disk type for arm workflows (#948)\n- from version 20260410.00\n * Change machine type for arm based workflows (#946)\n- Update to version 20260330.00\n * bump timeouts for all workflows (#940)\n- from version 20260326.00\n * Cover exec_resource.go by unit tests (#934)\n- from version 20260318.00\n * Integrate OSConfig agent with ReportVmInventory (#923)\n- from version 20260313.02\n * remove cacheonly flag from yum upgrade (#924)\n- from version 20260313.01\n * conditions python version override (#927)\n- from version 20260313.00\n * Fix presubmits by explicitly set python version for rpm based systems (#926)\n- from version 20260311.00\n * Bump osconfig version (#922)\n- from version 20260309.02\n * Extend OSV scalibr extractor (#921)\n- from version 20260309.01\n * upgrade golang.org/x/crypto and it\u0027s transitive deps (#918)\n- from version 20260309.00\n * Add purl to pkg info (#920)\n- from version 20260306.00\n * Add \u0027Type\u0027 field to PkgInfo (#919)\n- from version 20260303.01\n * Upgrade go.opentelemetry.io/otel/sdk (#913)\n- from version 20260303.00\n * Bump github.com/vbatts/tar-split from 0.11.5 to 0.12.2 (#908)\n- from version 20260302.00\n * Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.7 (#906)\n- from version 20260126.00\n * Bump go.opentelemetry.io/otel/sdk from 1.38.0 to 1.39.0 (#905)\n * Bump github.com/sirupsen/logrus (#894)\n- Update to version 20260119.00\n * Bump cloud.google.com/go/storage from 1.56.0 to 1.58.0 (#899)\n- Update to version 20251230.00\n * chore: Migrate gsutil usage to gcloud storage (#904)\n- from version 
20251223.00\n * fix e2e tests for report inventory (#903)\n- from version 20251222.01\n * Revert \"Bump cloud.google.com/go/longrunning from 0.6.3 to 0.7.0 (#882)\" (#902)\n- from version 20251222.00\n * Bump golang to the new version (#900)\n- from version 20251218.00\n * add new CODEOWNERS (#901)\n- from version 20251217.00\n * Bump cloud.google.com/go/longrunning from 0.6.3 to 0.7.0 (#882)\n- Bump the golang compiler version to 1.24.5\n- Update to version 20251202.00\n * Revert \"Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.5 (#887)\" (#893)\n- Update to version 20251201.00\n * Revert \"Bump github.com/containerd/containerd (#890)\" (#892)\n- Update to version 20251126.00\n * Bump github.com/containerd/containerd (#890)\n * Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.5 (#887)\n- Update to version 20251028.00\n * Bump go.opentelemetry.io/otel/sdk/metric from 1.35.0 to 1.38.0 (#886)\n * Bump github.com/tidwall/pretty from 1.2.0 to 1.2.1 (#880)\n- from version 20251023.02\n * Create multiple_os.yaml (#883)\n- from version 20251023.00\n * Bump github.com/docker/go-connections from 0.4.0 to 0.6.0 (#877)\n * Add test runner for e2e tests (#876)\n- Update to version 20250925.00\n * Bump cloud.google.com/go/auth/oauth2adapt from 0.2.7 to 0.2.8 (#870)\n * Bump google.golang.org/protobuf from 1.36.6 to 1.36.9 (#874)\n * Bump go.opentelemetry.io/otel from 1.35.0 to 1.38.0 (#872)\n * Bump github.com/golang/glog from 1.2.4 to 1.2.5 (#830)\n- Update to version 20250902.01\n * Bump github.com/googleapis/enterprise-certificate-proxy (#829)\n- from version 20250902.00\n * update github.com/go-jose/go-jose/v4 (#869)\n * Upgrade scalibr and other deps (#866)\n- from version 20250901.00\n * Fix possibility of path traversal for zip and tar archival (#868)\n- from version 20250825.00\n * set CODEOWNERS file as required by org (#863)\n- from version 20250819.00\n * Fix/rhel10 build centos image (#860)\n- from version 20250814.00\n * Fix/rhel10 build image (#859)\n- 
from version 20250813.00\n * Fix: Add RHEL 10 support to RPM startup script (#858)\n- from version 20250811.00\n * Remove old/sles-15-sp4-sap as image is deprecated (#857)\n- Update to version 20250806.00\n * Fixed JSON identifier for the universe domain (#855)\n- from version 20250729.00\n * Bump github.com/google/s2a-go from 0.1.8 to 0.1.9 (#828)\n- from version 20250725.02\n * Update utils.go (#854)\n * Upgrade golang.org/x/oauth2 package to the latest. (#853)\n * Bump golang.org/x/time from 0.9.0 to 0.12.0 (#839)\n- from version 20250725.01\n * Bump golang.org/x/oauth2 (#848)\n * Port fix for debian 11 to goo package manager. (#852)\n- from version 20250725.00\n * Update Golang version in common.sh and skip backports\n repo for debian 11 (#850)\n- from version 20250723.01\n * Add workflows to build package for el10 (#849)\n- from version 20250721.00\n * Make OS Config agent TPC aware (#846)\n- from version 20250718.00\n * Create workflows for new Debian 13. (#847)\n- Update to version 20250703.00\n * Fix sles images (#844)\n- from version 20250702.00\n * Remove rhel-sap 8-4 add rhel-sap 8-10 (#843)\n- from version 20250701.00\n * Bump the go_modules group across 1 directory with 2 updates (#840)\n- Update to version 20250606.00\n * Change base docker images Google\u0027s official base images. (#838)\n- Update to version 20250523.01\n * Add a simple no-op OS policy for user testing (#837)\n- from version 20250523.00\n * Introduce scalibr inventory extractor for dpkg/rpm/cos\n os/filesystem extractors (linux) (#834)\n * Trace GetInstalledPackages memory levels (#835)\n- from version 20250520.00\n- Update to version 20250513.00\n * Fix rpm extractor, handle (none) value correctly. 
(#833)\n- from version 20250512.01\n * Bump github.com/envoyproxy/go-control-plane from 0.13.1 to 0.13.4 (#816)\n- from version 20250512.00\n * Bump golang.org/x/net from 0.39.0 to 0.40.0 (#819)\n- from version 20250508.01\n * cosmetic refactoring to osinfo package (#826)\n- from version 20250508.00\n * Refactor /inventory with dependency injection (#825)\n * Add debian, ubuntu (InstalledDebPackages) snapshots (#821)\n * cover packages_linux.go file with tests (#824)\n * Add debian (10,11,12) GetPackageUpdates output snapshots (#822)\n- from version 20250507.00\n * Add InstalledRPMPackages snapshot tests (#823)\n- from version 20250506.02\n * Yum tests: simplify initialization of exit errors (#820)\n- from version 20250506.01\n * Improve test coverage for gem package manager (#818)\n- from version 20250506.00\n * after go/x/crypto update 0.32.0 -\u003e 0.37.0 (#817)\n- from version 20250505.01\n * Improve packages package coverage (#814)\n * Bump golang.org/x/net from 0.34.0 to 0.39.0 (#807)\n- from version 20250505.00\n * Bump golang.org/x/crypto from 0.32.0 to 0.37.0 (#806)\n- from version 20250430.00\n * Snapshot YumUpdates (GetPackageUpdates) output (#813)\n- from version 20250428.00\n * Snapshot ZypperPatches, ZypperUpdates (GetPackageUpdates) output\n for sles 12, 15 testdata (#812)\n- from version 20250423.00\n * Introduce MatchSnapshot large test results matcher function, snapshot\n apt-deb GetPackageUpdates (#811)\n- from version 20250416.02\n * defaultSleeper: tolerate 10% difference to reduce test flakiness (#810)\n * Add output of some packagemanagers to the testdata (#808)\n- from version 20250416.01\n * Refactor OS Info package (#809)\n- from version 20250416.00\n * Report RPM inventory as YUM instead of empty SoftwarePackage\n when neither Zypper nor YUM are installed. 
(#805)\n- from version 20250414.00\n * Update hash computation algorithm (#799)\n- Update to version 20250320.00\n * Bump github.com/envoyproxy/protoc-gen-validate from 1.1.0 to 1.2.1 (#797)\n- from version 20250318.00\n * Bump go.opentelemetry.io/otel/sdk/metric from 1.32.0 to 1.35.0 (#793)\n- from version 20250317.02\n * Bump cel.dev/expr from 0.18.0 to 0.22.0 (#792)\n * Bump github.com/golang/glog from 1.2.3 to 1.2.4 in the go_modules group (#785)\n- from version 20250317.01\n * Bump cloud.google.com/go/logging from 1.12.0 to 1.13.0 (#774)\n- from version 20250317.00\n * Add tests for retryutil package. (#795)\n- from version 20250306.00\n * Update OWNERS (#794)\n- from version 20250206.01\n * Use separate counters for pre- and post-patch reboots. (#788)\n- from version 20250206.00\n * Update owners (#789)\n- from version 20250203.00\n * Fix the vet errors for contants in logging (#786)\n- from version 20250122.00\n * change available package check (#783)\n- from version 20250121.00\n * Fix Inventory reporting e2e tests. (#782)\n- from version 20250120.00\n * fix e2e tests (#781)\n- Add -buildmode=pie to go build command line (bsc#1239948)\n- from version 20240501.00 (bsc#1236533, CVE-2023-45288)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-764",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22242-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22242-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622242-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22242-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047622.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210938",
"url": "https://bugzilla.suse.com/1210938"
},
{
"category": "self",
"summary": "SUSE Bug 1236533",
"url": "https://bugzilla.suse.com/1236533"
},
{
"category": "self",
"summary": "SUSE Bug 1239948",
"url": "https://bugzilla.suse.com/1239948"
},
{
"category": "self",
"summary": "SUSE Bug 1244304",
"url": "https://bugzilla.suse.com/1244304"
},
{
"category": "self",
"summary": "SUSE Bug 1244503",
"url": "https://bugzilla.suse.com/1244503"
},
{
"category": "self",
"summary": "SUSE Bug 1251453",
"url": "https://bugzilla.suse.com/1251453"
},
{
"category": "self",
"summary": "SUSE Bug 1251704",
"url": "https://bugzilla.suse.com/1251704"
},
{
"category": "self",
"summary": "SUSE Bug 1260264",
"url": "https://bugzilla.suse.com/1260264"
},
{
"category": "self",
"summary": "SUSE Bug 1262926",
"url": "https://bugzilla.suse.com/1262926"
},
{
"category": "self",
"summary": "SUSE Bug 1264923",
"url": "https://bugzilla.suse.com/1264923"
},
{
"category": "self",
"summary": "SUSE Bug 1265762",
"url": "https://bugzilla.suse.com/1265762"
},
{
"category": "self",
"summary": "SUSE Bug 1266171",
"url": "https://bugzilla.suse.com/1266171"
},
{
"category": "self",
"summary": "SUSE Bug 1266603",
"url": "https://bugzilla.suse.com/1266603"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45339 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22868 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33186 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34986 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "Security update for google-osconfig-agent",
"tracking": {
"current_release_date": "2026-06-22T09:09:04Z",
"generator": {
"date": "2026-06-22T09:09:04Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22242-1",
"initial_release_date": "2026-06-22T09:09:04Z",
"revision_history": [
{
"date": "2026-06-22T09:09:04Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20260615.01-1.1.aarch64",
"product": {
"name": "google-osconfig-agent-20260615.01-1.1.aarch64",
"product_id": "google-osconfig-agent-20260615.01-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20260615.01-1.1.s390x",
"product": {
"name": "google-osconfig-agent-20260615.01-1.1.s390x",
"product_id": "google-osconfig-agent-20260615.01-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20260615.01-1.1.x86_64",
"product": {
"name": "google-osconfig-agent-20260615.01-1.1.x86_64",
"product_id": "google-osconfig-agent-20260615.01-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20260615.01-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64"
},
"product_reference": "google-osconfig-agent-20260615.01-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20260615.01-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x"
},
"product_reference": "google-osconfig-agent-20260615.01-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20260615.01-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
},
"product_reference": "google-osconfig-agent-20260615.01-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45288"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45288",
"url": "https://www.suse.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "SUSE Bug 1221400 for CVE-2023-45288",
"url": "https://bugzilla.suse.com/1221400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "moderate"
}
],
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2024-45339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45339"
}
],
"notes": [
{
"category": "general",
"text": "When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process\u0027s log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45339",
"url": "https://www.suse.com/security/cve/CVE-2024-45339"
},
{
"category": "external",
"summary": "SUSE Bug 1236541 for CVE-2024-45339",
"url": "https://bugzilla.suse.com/1236541"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2024-45339"
},
{
"cve": "CVE-2025-22868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22868"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22868",
"url": "https://www.suse.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "SUSE Bug 1239185 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239185"
},
{
"category": "external",
"summary": "SUSE Bug 1239186 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2025-22868"
},
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
},
{
"cve": "CVE-2026-33186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33186"
}
],
"notes": [
{
"category": "general",
"text": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33186",
"url": "https://www.suse.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "SUSE Bug 1260085 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1260085"
},
{
"category": "external",
"summary": "SUSE Bug 1268676 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1268676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-33186"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "external",
"summary": "SUSE Bug 1268758 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1268758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-34986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34986"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34986",
"url": "https://www.suse.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "SUSE Bug 1262805 for CVE-2026-34986",
"url": "https://bugzilla.suse.com/1262805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-34986"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-41506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41506"
}
],
"notes": [
{
"category": "general",
"text": "go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41506",
"url": "https://www.suse.com/security/cve/CVE-2026-41506"
},
{
"category": "external",
"summary": "SUSE Bug 1264854 for CVE-2026-41506",
"url": "https://bugzilla.suse.com/1264854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "moderate"
}
],
"title": "CVE-2026-41506"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-osconfig-agent-20260615.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:09:04Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
SUSE-SU-2026:22249-1
Vulnerability from csaf_suse - Published: 2026-06-22 09:04 - Updated: 2026-06-22 09:04
Summary
Security update for google-osconfig-agent
Severity
Important
Notes
Title of the patch: Security update for google-osconfig-agent
Description of the patch: This update for google-osconfig-agent fixes the following issues
- CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers.
- CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents
(bsc#1251453).
- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially
crafted input (bsc#1251704).
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header
(bsc#1260264).
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE
(bsc#1265762).
- CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key can lead to a denial of
service (bsc#1262926).
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation
bypass and privilege escalation (bsc#1266603).
- CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266171).
- CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266171).
- CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266171).
- CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
(bsc#1266171).
- CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
(bsc#1266171).
- CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent
(bsc#1266171).
- CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266171).
- CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266171).
- CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266171).
- CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts
(bsc#1266171).
- CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh
(bsc#1266171).
- CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266171).
- CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266171).
- CVE-2026-41506: github.com/go-git/go-git/v5: HTTP authentication credential leak when following redirects during
smart-HTTP clone and fetch operations (bsc#1264923).
Changes for google-osconfig-agent:
- Update to version 20260615.01
* Upgrade golang.org/x/crypto & golang.org/x/net (#1006)
- from version 20260615.00
* Add unit tests for ospatch_apt_upgrade.go (#938)
- Update to version 20260611.00
* Add unit tests for policies/policies.go PART 5 (#998)
- from version 20260610.00
* Add unit tests for policies/policies.go PART 4 (#997)
- from version 20260609.02
* squash commits (#936)
- from version 20260609.01
* Add unit tests for policies/policies.go PART 3 (#996)
- from version 20260609.00
* Add unit tests for policies/policies.go PART 2 (#991)
- from version 20260602.01
* Align format of dates and timestamp collected across Windows packages (#973)
- from version 20260602.00
* Add unit tests for config/config,go (#979)
- from version 20260528.00
* Bump github.com/containerd/containerd (#990)
- from version 20260521.00
* Cover agentconfig functionality by unit tests (#925)
- from version 20260520.04
* Add unit tests for policies/googet.go (#961)
* Bump github.com/go-git/go-git/v5 (#987)
- from version 20260520.02
* Add unit tests for policies/yum.go (#952)
* Add unit tests for policies/apt.go PART 3 (#951)
- from version 20260520.00
* Add unit tests for policies/zypper.go (#953)
- from version 20260519.00
* Add unit tests for policies/policies.go PART 1 (#949)
- from version 20260513.01
* Bump github.com/go-git/go-git/v5 (#981), this also updates
golang.org/x/net to v0.53.0 (bsc#1265762, CVE-2026-33814)
- from version 20260513.00
* upgrade a few packages (#980)
- from version 20260512.02
* Add/improve unit tests for agentendpoint/exec_task.go (#933)
- from version 20260512.01
* Cover google_update.go by unit tests (#941)
- from version 20260512.00
* Change zone for arm64 builds because of stockout (#978)
- Update to version 20260511.00
* switch to t2a-standard-2 on ARM package build (#977)
- from version 20260505.03
* Cover zypper_patch by unit tests (#958)
- from version 20260505.02
* Remove unused functions DisableAutoUpdates (#970)
- from version 20260505.01
* Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#966)
- from version 20260505.00
* Upgrade a few dependencies across the repo (#968)
+ github.com/go-git/go-git/v5 5.16.2->5.18.0 (bsc#1264923, CVE-2026-41506)
+ github.com/go-jose/go-jose/v4 4.1.3->4.1.4 (bsc#1262926, CVE-2026-34986)
+ github.com/go-viper/mapstructure/v2 2.3.0->2.4.0
+ go.opentelemetry.io/otel 1.40.0->1.41.0
+ go.opentelemetry.io/otel/sdk 1.39.0->1.43.0
- from version 20260504.01
* bump github.com/docker/cli to 29.2.0 (#962)
- from version 20260504.00
* Bump github.com/opencontainers/selinux (#960)
- Update to version 20260428.00
* Add/improve unit tests for agentendpoint/agentendpoint.go (#930)
- from version 20260427.03
* Cover config/file.go by unit tests (#935)
- from version 20260422.01
* Cover patch_linux.go by unit tests (#932)
- from version 20260422.00
* upgrade grpc package in main package and e2e tests (#959)
(bsc#1260264, CVE-2026-33186)
- from version 20260417.04
* Bump OSV-Scalibr version to v0.4.3 (#956)
- from version 20260417.03
* Add unit tests for updates_linux.go (#937)
- from version 20260417.02
* Add zone to CreateDisk step (#955)
- from version 20260417.01
* Change disk type for deb11 (#954)
- from version 20260417.00
* Add unit tests for policies/apt.go PART 1 (#950)
- from version 20260410.02
* Add unit tests for packages/pty_linux.go (#943)
- from version 20260410.01
* fix disk type for arm workflows (#948)
- from version 20260410.00
* Change machine type for arm based workflows (#946)
- Update to version 20260330.00
* bump timeouts for all workflows (#940)
- from version 20260326.00
* Cover exec_resource.go by unit tests (#934)
- from version 20260318.00
* Integrate OSConfig agent with ReportVmInventory (#923)
- from version 20260313.02
* remove cacheonly flag from yum upgrade (#924)
- from version 20260313.01
* conditions python version override (#927)
- from version 20260313.00
* Fix presubmits by explicitly set python version for rpm based systems (#926)
- from version 20260311.00
* Bump osconfig version (#922)
- from version 20260309.02
* Extend OSV scalibr extractor (#921)
- from version 20260309.01
* upgrade golang.org/x/crypto and it's transitive deps (#918)
- from version 20260309.00
* Add purl to pkg info (#920)
- from version 20260306.00
* Add 'Type' field to PkgInfo (#919)
- from version 20260303.01
* Upgrade go.opentelemetry.io/otel/sdk (#913)
- from version 20260303.00
* Bump github.com/vbatts/tar-split from 0.11.5 to 0.12.2 (#908)
- from version 20260302.00
* Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.7 (#906)
- from version 20260126.00
* Bump go.opentelemetry.io/otel/sdk from 1.38.0 to 1.39.0 (#905)
* Bump github.com/sirupsen/logrus (#894)
- Update to version 20260119.00
* Bump cloud.google.com/go/storage from 1.56.0 to 1.58.0 (#899)
- Update to version 20251230.00
* chore: Migrate gsutil usage to gcloud storage (#904)
- from version 20251223.00
* fix e2e tests for report inventory (#903)
- from version 20251222.01
* Revert "Bump cloud.google.com/go/longrunning from 0.6.3 to 0.7.0 (#882)" (#902)
- from version 20251222.00
* Bump golang to the new version (#900)
- from version 20251218.00
* add new CODEOWNERS (#901)
- from version 20251217.00
* Bump cloud.google.com/go/longrunning from 0.6.3 to 0.7.0 (#882)
- Bump the golang compiler version to 1.24.5
- Update to version 20251202.00
* Revert "Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.5 (#887)" (#893)
- Update to version 20251201.00
* Revert "Bump github.com/containerd/containerd (#890)" (#892)
- Update to version 20251126.00
* Bump github.com/containerd/containerd (#890)
* Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.5 (#887)
- Update to version 20251028.00
* Bump go.opentelemetry.io/otel/sdk/metric from 1.35.0 to 1.38.0 (#886)
* Bump github.com/tidwall/pretty from 1.2.0 to 1.2.1 (#880)
- from version 20251023.02
* Create multiple_os.yaml (#883)
- from version 20251023.00
* Bump github.com/docker/go-connections from 0.4.0 to 0.6.0 (#877)
* Add test runner for e2e tests (#876)
- Update to version 20250925.00
* Bump cloud.google.com/go/auth/oauth2adapt from 0.2.7 to 0.2.8 (#870)
* Bump google.golang.org/protobuf from 1.36.6 to 1.36.9 (#874)
* Bump go.opentelemetry.io/otel from 1.35.0 to 1.38.0 (#872)
* Bump github.com/golang/glog from 1.2.4 to 1.2.5 (#830)
- Update to version 20250902.01
* Bump github.com/googleapis/enterprise-certificate-proxy (#829)
- from version 20250902.00
* update github.com/go-jose/go-jose/v4 (#869)
* Upgrade scalibr and other deps (#866)
- from version 20250901.00
* Fix possibility of path traversal for zip and tar archival (#868)
- from version 20250825.00
* set CODEOWNERS file as required by org (#863)
- from version 20250819.00
* Fix/rhel10 build centos image (#860)
- from version 20250814.00
* Fix/rhel10 build image (#859)
- from version 20250813.00
* Fix: Add RHEL 10 support to RPM startup script (#858)
- from version 20250811.00
* Remove old/sles-15-sp4-sap as image is deprecated (#857)
- Update to version 20250806.00
* Fixed JSON identifier for the universe domain (#855)
- from version 20250729.00
* Bump github.com/google/s2a-go from 0.1.8 to 0.1.9 (#828)
- from version 20250725.02
* Update utils.go (#854)
* Upgrade golang.org/x/oauth2 package to the latest. (#853)
* Bump golang.org/x/time from 0.9.0 to 0.12.0 (#839)
- from version 20250725.01
* Bump golang.org/x/oauth2 (#848)
* Port fix for debian 11 to goo package manager. (#852)
- from version 20250725.00
* Update Golang version in common.sh and skip backports
repo for debian 11 (#850)
- from version 20250723.01
* Add workflows to build package for el10 (#849)
- from version 20250721.00
* Make OS Config agent TPC aware (#846)
- from version 20250718.00
* Create workflows for new Debian 13. (#847)
- Update to version 20250703.00
* Fix sles images (#844)
- from version 20250702.00
* Remove rhel-sap 8-4 add rhel-sap 8-10 (#843)
- from version 20250701.00
* Bump the go_modules group across 1 directory with 2 updates (#840)
- Update to version 20250606.00
* Change base docker images Google's official base images. (#838)
- Update to version 20250523.01
* Add a simple no-op OS policy for user testing (#837)
- from version 20250523.00
* Introduce scalibr inventory extractor for dpkg/rpm/cos
os/filesystem extractors (linux) (#834)
* Trace GetInstalledPackages memory levels (#835)
- from version 20250520.00
- Update to version 20250513.00
* Fix rpm extractor, handle (none) value correctly. (#833)
- from version 20250512.01
* Bump github.com/envoyproxy/go-control-plane from 0.13.1 to 0.13.4 (#816)
- from version 20250512.00
* Bump golang.org/x/net from 0.39.0 to 0.40.0 (#819)
- from version 20250508.01
* cosmetic refactoring to osinfo package (#826)
- from version 20250508.00
* Refactor /inventory with dependency injection (#825)
* Add debian, ubuntu (InstalledDebPackages) snapshots (#821)
* cover packages_linux.go file with tests (#824)
* Add debian (10,11,12) GetPackageUpdates output snapshots (#822)
- from version 20250507.00
* Add InstalledRPMPackages snapshot tests (#823)
- from version 20250506.02
* Yum tests: simplify initialization of exit errors (#820)
- from version 20250506.01
* Improve test coverage for gem package manager (#818)
- from version 20250506.00
* after go/x/crypto update 0.32.0 -> 0.37.0 (#817)
- from version 20250505.01
* Improve packages package coverage (#814)
* Bump golang.org/x/net from 0.34.0 to 0.39.0 (#807)
- from version 20250505.00
* Bump golang.org/x/crypto from 0.32.0 to 0.37.0 (#806)
- from version 20250430.00
* Snapshot YumUpdates (GetPackageUpdates) output (#813)
- from version 20250428.00
* Snapshot ZypperPatches, ZypperUpdates (GetPackageUpdates) output
for sles 12, 15 testdata (#812)
- from version 20250423.00
* Introduce MatchSnapshot large test results matcher function, snapshot
apt-deb GetPackageUpdates (#811)
- from version 20250416.02
Patchnames: SUSE-SLE-Micro-6.1-587
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.7 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
82 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for google-osconfig-agent",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for google-osconfig-agent fixes the following issues\n\n- CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers.\n- CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents\n (bsc#1251453).\n- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially\n crafted input (bsc#1251704).\n- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-\n header (bsc#1260264).\n- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE\n (bsc#1265762).\n- CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key can lead to a denial of\n service (bsc#1262926).\n- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation\n bypass and privilege escalation (bsc#1266603).\n- CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh\n (bsc#1266171).\n- CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh\n (bsc#1266171).\n- CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent\n (bsc#1266171).\n- CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266171).\n- CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-39835: 
Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts\n (bsc#1266171).\n- CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh\n (bsc#1266171).\n- CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266171).\n- CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266171).\n - CVE-2026-41506: github.com/go-git/go-git/v5: HTTP authentication credential leak when following redirects during\n smart-HTTP clone and fetch operations (bsc#1264923).\n\nChanges for google-osconfig-agent:\n\n- Update to version 20260615.01\n * Upgrade golang.org/x/crypto \u0026 golang.org/x/net (#1006)\n- from version 20260615.00\n * Add unit tests for ospatch_apt_upgrade.go (#938)\n- Update to version 20260611.00\n * Add unit tests for policies/policies.go PART 5 (#998)\n- from version 20260610.00\n * Add unit tests for policies/policies.go PART 4 (#997)\n- from version 20260609.02\n * squash commits (#936)\n- from version 20260609.01\n * Add unit tests for policies/policies.go PART 3 (#996)\n- from version 20260609.00\n * Add unit tests for policies/policies.go PART 2 (#991)\n- from version 20260602.01\n * Align format of dates and timestamp collected across Windows packages (#973)\n- from version 20260602.00\n * Add unit tests for config/config,go (#979)\n- from version 20260528.00\n * Bump github.com/containerd/containerd (#990)\n- from version 20260521.00\n * Cover agentconfig functionality by unit tests (#925)\n- from version 20260520.04\n * Add unit tests for policies/googet.go (#961)\n * Bump github.com/go-git/go-git/v5 (#987)\n- from version 20260520.02\n * Add unit tests for policies/yum.go (#952)\n * Add unit tests for policies/apt.go PART 3 (#951)\n- from version 
20260520.00\n * Add unit tests for policies/zypper.go (#953)\n- from version 20260519.00\n * Add unit tests for policies/policies.go PART 1 (#949)\n- from version 20260513.01\n * Bump github.com/go-git/go-git/v5 (#981), this also updates\n golang.org/x/net to v0.53.0 (bsc#1265762, CVE-2026-33814)\n- from version 20260513.00\n * upgrade a few packages (#980)\n- from version 20260512.02\n * Add/improve unit tests for agentendpoint/exec_task.go (#933)\n- from version 20260512.01\n * Cover google_update.go by unit tests (#941)\n- from version 20260512.00\n * Change zone for arm64 builds because of stockout (#978)\n- Update to version 20260511.00\n * switch to t2a-standard-2 on ARM package build (#977)\n- from version 20260505.03\n * Cover zypper_patch by unit tests (#958)\n- from version 20260505.02\n * Remove unused functions DisableAutoUpdates (#970)\n- from version 20260505.01\n * Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#966)\n- from version 20260505.00\n * Upgrade a few dependencies across the repo (#968)\n + github.com/go-git/go-git/v5 5.16.2-\u003e5.18.0 (bsc#1264923, CVE-2026-41506)\n + github.com/go-jose/go-jose/v4 4.1.3-\u003e4.1.4 (bsc#1262926, CVE-2026-34986)\n + github.com/go-viper/mapstructure/v2 2.3.0-\u003e2.4.0\n + go.opentelemetry.io/otel 1.40.0-\u003e1.41.0\n + go.opentelemetry.io/otel/sdk 1.39.0-\u003e1.43.0\n- from version 20260504.01\n * bump github.com/docker/cli to 29.2.0 (#962)\n- from version 20260504.00\n * Bump github.com/opencontainers/selinux (#960)\n- Update to version 20260428.00\n * Add/improve unit tests for agentendpoint/agentendpoint.go (#930)\n- from version 20260427.03\n * Cover config/file.go by unit tests (#935)\n- from version 20260422.01\n * Cover patch_linux.go by unit tests (#932)\n- from version 20260422.00\n * upgrade grpc package in main package and e2e tests (#959)\n (bsc#1260264, CVE-2026-33186)\n- from version 20260417.04\n * Bump OSV-Scalibr version to v0.4.3 (#956)\n- from 
version 20260417.03\n * Add unit tests for updates_linux.go (#937)\n- from version 20260417.02\n * Add zone to CreateDisk step (#955)\n- from version 20260417.01\n * Change disk type for deb11 (#954)\n- from version 20260417.00\n * Add unit tests for policies/apt.go PART 1 (#950)\n- from version 20260410.02\n * Add unit tests for packages/pty_linux.go (#943)\n- from version 20260410.01\n * fix disk type for arm workflows (#948)\n- from version 20260410.00\n * Change machine type for arm based workflows (#946)\n- Update to version 20260330.00\n * bump timeouts for all workflows (#940)\n- from version 20260326.00\n * Cover exec_resource.go by unit tests (#934)\n- from version 20260318.00\n * Integrate OSConfig agent with ReportVmInventory (#923)\n- from version 20260313.02\n * remove cacheonly flag from yum upgrade (#924)\n- from version 20260313.01\n * conditions python version override (#927)\n- from version 20260313.00\n * Fix presubmits by explicitly set python version for rpm based systems (#926)\n- from version 20260311.00\n * Bump osconfig version (#922)\n- from version 20260309.02\n * Extend OSV scalibr extractor (#921)\n- from version 20260309.01\n * upgrade golang.org/x/crypto and it\u0027s transitive deps (#918)\n- from version 20260309.00\n * Add purl to pkg info (#920)\n- from version 20260306.00\n * Add \u0027Type\u0027 field to PkgInfo (#919)\n- from version 20260303.01\n * Upgrade go.opentelemetry.io/otel/sdk (#913)\n- from version 20260303.00\n * Bump github.com/vbatts/tar-split from 0.11.5 to 0.12.2 (#908)\n- from version 20260302.00\n * Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.7 (#906)\n- from version 20260126.00\n * Bump go.opentelemetry.io/otel/sdk from 1.38.0 to 1.39.0 (#905)\n * Bump github.com/sirupsen/logrus (#894)\n- Update to version 20260119.00\n * Bump cloud.google.com/go/storage from 1.56.0 to 1.58.0 (#899)\n- Update to version 20251230.00\n * chore: Migrate gsutil usage to gcloud storage (#904)\n- from version 20251223.00\n * 
fix e2e tests for report inventory (#903)\n- from version 20251222.01\n * Revert \"Bump cloud.google.com/go/longrunning from 0.6.3 to 0.7.0 (#882)\" (#902)\n- from version 20251222.00\n * Bump golang to the new version (#900)\n- from version 20251218.00\n * add new CODEOWNERS (#901)\n- from version 20251217.00\n * Bump cloud.google.com/go/longrunning from 0.6.3 to 0.7.0 (#882)\n- Bump the golang compiler version to 1.24.5\n- Update to version 20251202.00\n * Revert \"Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.5 (#887)\" (#893)\n- Update to version 20251201.00\n * Revert \"Bump github.com/containerd/containerd (#890)\" (#892)\n- Update to version 20251126.00\n * Bump github.com/containerd/containerd (#890)\n * Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.5 (#887)\n- Update to version 20251028.00\n * Bump go.opentelemetry.io/otel/sdk/metric from 1.35.0 to 1.38.0 (#886)\n * Bump github.com/tidwall/pretty from 1.2.0 to 1.2.1 (#880)\n- from version 20251023.02\n * Create multiple_os.yaml (#883)\n- from version 20251023.00\n * Bump github.com/docker/go-connections from 0.4.0 to 0.6.0 (#877)\n * Add test runner for e2e tests (#876)\n- Update to version 20250925.00\n * Bump cloud.google.com/go/auth/oauth2adapt from 0.2.7 to 0.2.8 (#870)\n * Bump google.golang.org/protobuf from 1.36.6 to 1.36.9 (#874)\n * Bump go.opentelemetry.io/otel from 1.35.0 to 1.38.0 (#872)\n * Bump github.com/golang/glog from 1.2.4 to 1.2.5 (#830)\n- Update to version 20250902.01\n * Bump github.com/googleapis/enterprise-certificate-proxy (#829)\n- from version 20250902.00\n * update github.com/go-jose/go-jose/v4 (#869)\n * Upgrade scalibr and other deps (#866)\n- from version 20250901.00\n * Fix possibility of path traversal for zip and tar archival (#868)\n- from version 20250825.00\n * set CODEOWNERS file as required by org (#863)\n- from version 20250819.00\n * Fix/rhel10 build centos image (#860)\n- from version 20250814.00\n * Fix/rhel10 build image (#859)\n- from version 
20250813.00\n * Fix: Add RHEL 10 support to RPM startup script (#858)\n- from version 20250811.00\n * Remove old/sles-15-sp4-sap as image is deprecated (#857)\n- Update to version 20250806.00\n * Fixed JSON identifier for the universe domain (#855)\n- from version 20250729.00\n * Bump github.com/google/s2a-go from 0.1.8 to 0.1.9 (#828)\n- from version 20250725.02\n * Update utils.go (#854)\n * Upgrade golang.org/x/oauth2 package to the latest. (#853)\n * Bump golang.org/x/time from 0.9.0 to 0.12.0 (#839)\n- from version 20250725.01\n * Bump golang.org/x/oauth2 (#848)\n * Port fix for debian 11 to goo package manager. (#852)\n- from version 20250725.00\n * Update Golang version in common.sh and skip backports\n repo for debian 11 (#850)\n- from version 20250723.01\n * Add workflows to build package for el10 (#849)\n- from version 20250721.00\n * Make OS Config agent TPC aware (#846)\n- from version 20250718.00\n * Create workflows for new Debian 13. (#847)\n- Update to version 20250703.00\n * Fix sles images (#844)\n- from version 20250702.00\n * Remove rhel-sap 8-4 add rhel-sap 8-10 (#843)\n- from version 20250701.00\n * Bump the go_modules group across 1 directory with 2 updates (#840)\n- Update to version 20250606.00\n * Change base docker images Google\u0027s official base images. (#838)\n- Update to version 20250523.01\n * Add a simple no-op OS policy for user testing (#837)\n- from version 20250523.00\n * Introduce scalibr inventory extractor for dpkg/rpm/cos\n os/filesystem extractors (linux) (#834)\n * Trace GetInstalledPackages memory levels (#835)\n- from version 20250520.00\n- Update to version 20250513.00\n * Fix rpm extractor, handle (none) value correctly. 
(#833)\n- from version 20250512.01\n * Bump github.com/envoyproxy/go-control-plane from 0.13.1 to 0.13.4 (#816)\n- from version 20250512.00\n * Bump golang.org/x/net from 0.39.0 to 0.40.0 (#819)\n- from version 20250508.01\n * cosmetic refactoring to osinfo package (#826)\n- from version 20250508.00\n * Refactor /inventory with dependency injection (#825)\n * Add debian, ubuntu (InstalledDebPackages) snapshots (#821)\n * cover packages_linux.go file with tests (#824)\n * Add debian (10,11,12) GetPackageUpdates output snapshots (#822)\n- from version 20250507.00\n * Add InstalledRPMPackages snapshot tests (#823)\n- from version 20250506.02\n * Yum tests: simplify initialization of exit errors (#820)\n- from version 20250506.01\n * Improve test coverage for gem package manager (#818)\n- from version 20250506.00\n * after go/x/crypto update 0.32.0 -\u003e 0.37.0 (#817)\n- from version 20250505.01\n * Improve packages package coverage (#814)\n * Bump golang.org/x/net from 0.34.0 to 0.39.0 (#807)\n- from version 20250505.00\n * Bump golang.org/x/crypto from 0.32.0 to 0.37.0 (#806)\n- from version 20250430.00\n * Snapshot YumUpdates (GetPackageUpdates) output (#813)\n- from version 20250428.00\n * Snapshot ZypperPatches, ZypperUpdates (GetPackageUpdates) output\n for sles 12, 15 testdata (#812)\n- from version 20250423.00\n * Introduce MatchSnapshot large test results matcher function, snapshot\n apt-deb GetPackageUpdates (#811)\n- from version 20250416.02\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-587",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22249-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22249-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622249-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22249-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047615.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210938",
"url": "https://bugzilla.suse.com/1210938"
},
{
"category": "self",
"summary": "SUSE Bug 1251453",
"url": "https://bugzilla.suse.com/1251453"
},
{
"category": "self",
"summary": "SUSE Bug 1251704",
"url": "https://bugzilla.suse.com/1251704"
},
{
"category": "self",
"summary": "SUSE Bug 1260264",
"url": "https://bugzilla.suse.com/1260264"
},
{
"category": "self",
"summary": "SUSE Bug 1262926",
"url": "https://bugzilla.suse.com/1262926"
},
{
"category": "self",
"summary": "SUSE Bug 1264923",
"url": "https://bugzilla.suse.com/1264923"
},
{
"category": "self",
"summary": "SUSE Bug 1265762",
"url": "https://bugzilla.suse.com/1265762"
},
{
"category": "self",
"summary": "SUSE Bug 1266171",
"url": "https://bugzilla.suse.com/1266171"
},
{
"category": "self",
"summary": "SUSE Bug 1266603",
"url": "https://bugzilla.suse.com/1266603"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22868 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33186 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34986 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "Security update for google-osconfig-agent",
"tracking": {
"current_release_date": "2026-06-22T09:04:46Z",
"generator": {
"date": "2026-06-22T09:04:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22249-1",
"initial_release_date": "2026-06-22T09:04:46Z",
"revision_history": [
{
"date": "2026-06-22T09:04:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"product": {
"name": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"product_id": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"product": {
"name": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"product_id": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"product": {
"name": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"product_id": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64",
"product": {
"name": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64",
"product_id": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64"
},
"product_reference": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le"
},
"product_reference": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x"
},
"product_reference": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
},
"product_reference": "google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45288"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45288",
"url": "https://www.suse.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "SUSE Bug 1221400 for CVE-2023-45288",
"url": "https://bugzilla.suse.com/1221400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2025-22868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22868"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22868",
"url": "https://www.suse.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "SUSE Bug 1239185 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239185"
},
{
"category": "external",
"summary": "SUSE Bug 1239186 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-22868"
},
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
},
{
"cve": "CVE-2026-33186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33186"
}
],
"notes": [
{
"category": "general",
"text": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33186",
"url": "https://www.suse.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "SUSE Bug 1260085 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1260085"
},
{
"category": "external",
"summary": "SUSE Bug 1268676 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1268676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-33186"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "external",
"summary": "SUSE Bug 1268758 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1268758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-34986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34986"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34986",
"url": "https://www.suse.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "SUSE Bug 1262805 for CVE-2026-34986",
"url": "https://bugzilla.suse.com/1262805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-34986"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permit access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent, constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-41506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41506"
}
],
"notes": [
{
"category": "general",
"text": "go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41506",
"url": "https://www.suse.com/security/cve/CVE-2026-41506"
},
{
"category": "external",
"summary": "SUSE Bug 1264854 for CVE-2026-41506",
"url": "https://bugzilla.suse.com/1264854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2026-41506"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20260615.01-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
SUSE-SU-2026:22285-1
Vulnerability from csaf_suse - Published: 2026-06-25 12:44 - Updated: 2026-06-25 12:44
Summary
Security update for docker
Severity
Important
Notes
Title of the patch: Security update for docker
Description of the patch: This update for docker fixes the following issues
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE
(bsc#1265782).
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation
bypass and privilege escalation (bsc#1266625).
- CVE-2026-39984: github.com/sigstore/timestamp-authority/v2/pkg/verification: improper certificate validation can be
used to bypass some authorization controls (bsc#1262346).
- CVE-2026-41567: arbitrary code execution with full daemon privileges when a user uploads a compressed archive into
that container (bsc#1267827).
Patchnames: SUSE-SL-Micro-6.2-1081
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64 | — | Vendor Fix | |
Threats
Impact
important
7.4 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64 | — | Vendor Fix | |
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64 | — | Vendor Fix | |
Threats
Impact
moderate
7.2 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64 | — | Vendor Fix | |
Threats
Impact
important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker fixes the following issues\n\n- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE\n (bsc#1265782).\n- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation\n bypass and privilege escalation (bsc#1266625).\n- CVE-2026-39984: github.com/sigstore/timestamp-authority/v2/pkg/verification: improper certificate validation can be\n used to bypass some authorization controls (bsc#1262346).\n- CVE-2026-41567: arbitrary code execution with full daemon privileges when a user uploads a compressed archive into\n that container (bsc#1267827).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-1081",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22285-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22285-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622285-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22285-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047673.html"
},
{
"category": "self",
"summary": "SUSE Bug 1262346",
"url": "https://bugzilla.suse.com/1262346"
},
{
"category": "self",
"summary": "SUSE Bug 1265782",
"url": "https://bugzilla.suse.com/1265782"
},
{
"category": "self",
"summary": "SUSE Bug 1266625",
"url": "https://bugzilla.suse.com/1266625"
},
{
"category": "self",
"summary": "SUSE Bug 1267827",
"url": "https://bugzilla.suse.com/1267827"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39984 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39984/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41567 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41567/"
}
],
"title": "Security update for docker",
"tracking": {
"current_release_date": "2026-06-25T12:44:31Z",
"generator": {
"date": "2026-06-25T12:44:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22285-1",
"initial_release_date": "2026-06-25T12:44:31Z",
"revision_history": [
{
"date": "2026-06-25T12:44:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-29.4.0_ce-160000.7.1.aarch64",
"product": {
"name": "docker-29.4.0_ce-160000.7.1.aarch64",
"product_id": "docker-29.4.0_ce-160000.7.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-buildx-0.33.0-160000.7.1.aarch64",
"product": {
"name": "docker-buildx-0.33.0-160000.7.1.aarch64",
"product_id": "docker-buildx-0.33.0-160000.7.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-29.4.0_ce-160000.7.1.ppc64le",
"product": {
"name": "docker-29.4.0_ce-160000.7.1.ppc64le",
"product_id": "docker-29.4.0_ce-160000.7.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-buildx-0.33.0-160000.7.1.ppc64le",
"product": {
"name": "docker-buildx-0.33.0-160000.7.1.ppc64le",
"product_id": "docker-buildx-0.33.0-160000.7.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-29.4.0_ce-160000.7.1.s390x",
"product": {
"name": "docker-29.4.0_ce-160000.7.1.s390x",
"product_id": "docker-29.4.0_ce-160000.7.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-buildx-0.33.0-160000.7.1.s390x",
"product": {
"name": "docker-buildx-0.33.0-160000.7.1.s390x",
"product_id": "docker-buildx-0.33.0-160000.7.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-29.4.0_ce-160000.7.1.x86_64",
"product": {
"name": "docker-29.4.0_ce-160000.7.1.x86_64",
"product_id": "docker-29.4.0_ce-160000.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-buildx-0.33.0-160000.7.1.x86_64",
"product": {
"name": "docker-buildx-0.33.0-160000.7.1.x86_64",
"product_id": "docker-buildx-0.33.0-160000.7.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-29.4.0_ce-160000.7.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64"
},
"product_reference": "docker-29.4.0_ce-160000.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-29.4.0_ce-160000.7.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le"
},
"product_reference": "docker-29.4.0_ce-160000.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-29.4.0_ce-160000.7.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x"
},
"product_reference": "docker-29.4.0_ce-160000.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-29.4.0_ce-160000.7.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64"
},
"product_reference": "docker-29.4.0_ce-160000.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.33.0-160000.7.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64"
},
"product_reference": "docker-buildx-0.33.0-160000.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.33.0-160000.7.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le"
},
"product_reference": "docker-buildx-0.33.0-160000.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.33.0-160000.7.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x"
},
"product_reference": "docker-buildx-0.33.0-160000.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.33.0-160000.7.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
},
"product_reference": "docker-buildx-0.33.0-160000.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "external",
"summary": "SUSE Bug 1268758 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1268758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:44:31Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:44:31Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-39984",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39984"
}
],
"notes": [
{
"category": "general",
"text": "Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint checks in VerifyLeafCert uses the first non-CA certificate from the PKCS#7 certificate bag instead of the leaf certificate from the verified chain. An attacker can exploit this by prepending a forged certificate to the certificate bag while the message is signed with an authorized key, causing the library to validate the signature against one certificate but perform authorization checks against another. This vulnerability only affects users of the timestamp-authority/v2/pkg/verification package and does not affect the timestamp-authority service itself or sigstore-go. The issue has been fixed in version 2.0.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39984",
"url": "https://www.suse.com/security/cve/CVE-2026-39984"
},
{
"category": "external",
"summary": "SUSE Bug 1262338 for CVE-2026-39984",
"url": "https://bugzilla.suse.com/1262338"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:44:31Z",
"details": "moderate"
}
],
"title": "CVE-2026-39984"
},
{
"cve": "CVE-2026-41567",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41567"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via `PUT /containers/{id}/archive` or piped through `docker cp -`, the daemon resolves decompression binaries (such as `xz` or `unpigz`) from the container\u0027s filesystem rather than the host\u0027s due to incorrect ordering of operations. A malicious container image containing a trojanized decompression binary can achieve arbitrary code execution with full daemon privileges, including host root UID and unrestricted capabilities, when a user uploads a compressed (xz or gzip) archive into that container. This issue is fixed in Docker Engine 29.5.1 and moby/moby v2.0.0-beta.14. Workarounds include only running containers from trusted images, using authorization plugins to restrict access to the `PUT /containers/{id}/archive` endpoint, and avoiding piping compressed archives into containers created from untrusted images",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41567",
"url": "https://www.suse.com/security/cve/CVE-2026-41567"
},
{
"category": "external",
"summary": "SUSE Bug 1267827 for CVE-2026-41567",
"url": "https://bugzilla.suse.com/1267827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Micro 6.2:docker-buildx-0.33.0-160000.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:44:31Z",
"details": "important"
}
],
"title": "CVE-2026-41567"
}
]
}
SUSE-SU-2026:22320-1
Vulnerability from csaf_suse - Published: 2026-06-22 14:35 - Updated: 2026-06-22 14:35
Summary
Security update for amazon-ecs-init
Severity
Important
Notes
Title of the patch: Security update for amazon-ecs-init
Description of the patch: This update for amazon-ecs-init fixes the following issues
Update to version 1.103.2:
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265843).
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (bsc#1266652).
Changes:
* Enhancement - Bump github.com/aws/aws-sdk-go-v2/service/fsx from 1.53.1 to 1.65.10 in /agent (#4966)
* Enhancement - Add semgrep security scan for command injection (#4959)
* Enhancement - Bump golang.org/x/tools from 0.39.0 to 0.45.0 in /ecs-agent (#4965), also updates x/net to 0.54.0 (bsc#1266652, CVE-2026-39821)
* Enhancement - Add integration test for credential refresher (#4961)
* Enhancement - Bump golang.org/x/tools from 0.42.0 to 0.45.0 in /agent (#4873)
* Enhancement - Update Go version to 1.25.10 (#4960)
* Enhancement - Bump go.etcd.io/bbolt from 1.3.9 to 1.4.3 in /ecs-agent (#4872)
* Enhancement - update credentials-fetcher retry comments/tests (#4954)
* Enhancement - Enhancement - Add retry mechanism to credentialsfetcher (#4948)
* Enhancement - Add IMDS credential refresher (#4953)
* Bugfix - fix flaky tests depending on timers (#4955)
* Feature - Implement IMDS scanner for task credential retrieval, in the shared library (#4945)
* Feature - Add config/capability for IMDS-based task credential retrieval (disabled for now) (#4938)
* Feature - Add IMDS credential scanner interface and capability constant for IMDS-based task credential retrieval (#4937)
* Enhancement - Bump github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs from 1.47.3 to 1.65.0 in /agent (#4921)
* Enhancement - Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.63.1 to 1.97.3 in /ecs-init (#4923), from 1.79.2 to 1.97.3 in /agent (#4924)
* Enhancement - Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.32.0 to 1.43.0 in /agent (#4926)
* Enhancement - Truncate log values to make agent logs less verbose (#4940)
* Enhancement - Golang bump: 1.25.9 (#4935)
* Enhancement - Use env variable to read user input when mounting FSx volumes (#4934)
* Enhancement - Enhancement - Replace SSM Dualstack endpoint resolution logic with UseDualStackEndpoint (#4931)
* Enhancement - Emit duration metrics for TACS connect/disconnect (#4928)
* Enhancement - Bump github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream from 1.6.10 to 1.7.8 in /agent (#4922), from 1.6.5 to 1.7.8 in /ecs-init (#4925)
* Enhancement - Track and emit metric for disconnect time from ACS (#4920)
* Enhancement - engine: skip execution role checks when task desired status is stopped (#4918)
* Enhancement - Add NeuronDevices type and sysfs-based device discovery (#4919)
* Bugfix - Fix release workflow branch handling and add GitHub App token (#4929)
* Bugfix - fix(netlib): Conditionally add IPv6 subnet to IPAM config when IPv6 (#4916)
* Enhancement - Update SSM exec agent version to 3.3.4108.0 (#4912)
* Enhancement - Update Go version to 1.25.8 (#4894)
* Enhancement - Apply skip-gpg-check to both ecs-init and ssm agent (#4901)
* Enhancement - Bump google.golang.org/grpc from 1.78.0 to 1.79.3 (#4906)
Patchnames: SUSE-SLES-16.0-1025
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ecs-init-1.103.2-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ecs-init-1.103.2-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ecs-init-1.103.2-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ecs-init-1.103.2-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ecs-init-1.103.2-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:amazon-ecs-init-1.103.2-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ecs-init-1.103.2-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ecs-init-1.103.2-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for amazon-ecs-init",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for amazon-ecs-init fixes the following issues\n\nUpdate to version 1.103.2:\n\n- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE\n (bsc#1265843).\n- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation\n bypass and privilege escalation (bsc#1266652).\n\nChanges:\n\n * Enhancement - Bump github.com/aws/aws-sdk-go-v2/service/fsx from\n 1.53.1 to 1.65.10 in /agent (#4966)\n * Enhancement - Add semgrep security scan for command injection (#4959)\n * Enhancement - Bump golang.org/x/tools from 0.39.0 to 0.45.0 in\n /ecs-agent (#4965), also updates x/net to 0.54.0 (bsc#1266652, CVE-2026-39821)\n * Enhancement - Add integration test for credential refresher (#4961)\n * Enhancement - Bump golang.org/x/tools from 0.42.0 to 0.45.0 in /agent (#4873)\n * Enhancement - Update Go version to 1.25.10 (#4960)\n * Enhancement - Bump go.etcd.io/bbolt from 1.3.9 to 1.4.3 in /ecs-agent (#4872)\n * Enhancement - update credentials-fetcher retry comments/tests (#4954)\n * Enhancement - Enhancement - Add retry mechanism to credentialsfetcher (#4948)\n * Enhancement - Add IMDS credential refresher (#4953)\n * Bugfix - fix flaky tests depending on timers (#4955)\n * Feature - Implement IMDS scanner for task credential retrieval,\n in the shared library (#4945)\n * Feature - Add config/capability for IMDS-based task credential retrieval\n (disabled for now) (#4938)\n * Feature - Add IMDS credential scanner interface and capability constant\n for IMDS-based task credential retrieval (#4937)\n * Enhancement - Bump github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs\n from 1.47.3 to 1.65.0 in /agent (#4921)\n * Enhancement - Bump github.com/aws/aws-sdk-go-v2/service/s3\n from 1.63.1 to 1.97.3 in /ecs-init (#4923)\n from 1.79.2 to 1.97.3 in /agent (#4924)\n * Enhancement - Bump go.opentelemetry.io/otel/exporters/otlp/\n otlptrace/ otlptracehttp from 
1.32.0 to 1.43.0 in /agent (#4926)\n * Enhancement - Truncate log values to make agent logs less verbose (#4940)\n * Enhancement - Golang bump: 1.25.9 (#4935)\n * Enhancement - Use env variable to read user input when\n mounting FSx volumes (#4934)\n * Enhancement - Enhancement - Replace SSM Dualstack endpoint\n resolution logic with UseDualStackEndpoint (#4931)\n * Enhancement - Emit duration metrics for TACS connect/disconnect (#4928)\n * Enhancement - Bump github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream\n from 1.6.10 to 1.7.8 in /agent (#4922)\n from 1.6.5 to 1.7.8 in /ecs-init (#4925)\n * Enhancement - Track and emit metric for disconnect time from ACS (#4920)\n * Enhancement - engine: skip execution role checks when task desired status\n is stopped (#4918)\n * Enhancement - Add NeuronDevices type and sysfs-based device discovery (#4919)\n * Bugfix - Fix release workflow branch handling and add GitHub App token (#4929)\n * Bugfix - fix(netlib): Conditionally add IPv6 subnet to IPAM config when IPv6 (#4916)\n * Enhancement - Update SSM exec agent version to 3.3.4108.0 (#4912)\n * Enhancement - Update Go version to 1.25.8 (#4894)\n * Enhancement - Apply skip-gpg-check to both ecs-init and ssm agent (#4901)\n * Enhancement - Bump google.golang.org/grpc from 1.78.0 to 1.79.3 (#4906)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-1025",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22320-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22320-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622320-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22320-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-July/027149.html"
},
{
"category": "self",
"summary": "SUSE Bug 1265843",
"url": "https://bugzilla.suse.com/1265843"
},
{
"category": "self",
"summary": "SUSE Bug 1266652",
"url": "https://bugzilla.suse.com/1266652"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
}
],
"title": "Security update for amazon-ecs-init",
"tracking": {
"current_release_date": "2026-06-22T14:35:18Z",
"generator": {
"date": "2026-06-22T14:35:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22320-1",
"initial_release_date": "2026-06-22T14:35:18Z",
"revision_history": [
{
"date": "2026-06-22T14:35:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "amazon-ecs-init-1.103.2-160000.1.1.aarch64",
"product": {
"name": "amazon-ecs-init-1.103.2-160000.1.1.aarch64",
"product_id": "amazon-ecs-init-1.103.2-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "amazon-ecs-init-1.103.2-160000.1.1.x86_64",
"product": {
"name": "amazon-ecs-init-1.103.2-160000.1.1.x86_64",
"product_id": "amazon-ecs-init-1.103.2-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ecs-init-1.103.2-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:amazon-ecs-init-1.103.2-160000.1.1.aarch64"
},
"product_reference": "amazon-ecs-init-1.103.2-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ecs-init-1.103.2-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:amazon-ecs-init-1.103.2-160000.1.1.x86_64"
},
"product_reference": "amazon-ecs-init-1.103.2-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ecs-init-1.103.2-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ecs-init-1.103.2-160000.1.1.aarch64"
},
"product_reference": "amazon-ecs-init-1.103.2-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "amazon-ecs-init-1.103.2-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ecs-init-1.103.2-160000.1.1.x86_64"
},
"product_reference": "amazon-ecs-init-1.103.2-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ecs-init-1.103.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ecs-init-1.103.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ecs-init-1.103.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ecs-init-1.103.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "external",
"summary": "SUSE Bug 1268758 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1268758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ecs-init-1.103.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ecs-init-1.103.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ecs-init-1.103.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ecs-init-1.103.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ecs-init-1.103.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ecs-init-1.103.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ecs-init-1.103.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ecs-init-1.103.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T14:35:18Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:amazon-ecs-init-1.103.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ecs-init-1.103.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ecs-init-1.103.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ecs-init-1.103.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:amazon-ecs-init-1.103.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ecs-init-1.103.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ecs-init-1.103.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ecs-init-1.103.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:amazon-ecs-init-1.103.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:amazon-ecs-init-1.103.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ecs-init-1.103.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:amazon-ecs-init-1.103.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T14:35:18Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
}
]
}
SUSE-SU-2026:22328-1
Vulnerability from csaf_suse - Published: 2026-06-22 14:41 - Updated: 2026-06-22 14:41
Summary
Security update for google-cloud-sap-agent
Severity
Important
Notes
Title of the patch: Security update for google-cloud-sap-agent
Description of the patch: This update for google-cloud-sap-agent fixes the following issues
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265764).
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (bsc#1266604).
Changes for google-cloud-sap-agent:
- Update to version 3.15
* Remove LoggingClient error failure for hanadiskrestore and hanadiskbackup.
* Add checks for unexpected arguments in hanadiskbackup and hanadiskrestore.
* Update SAP Agent version to 3.15.
* Refactor grubBootLoaderX5 to check for BLS support via grub2-mkconfig help.
* Update all go dependencies
* Check grub2-mkconfig for BLS support on X4 instances.
* Add tenant SID collection to supportbundle.
* Update golang.org/x/net dependency. This is to address (#444)
* Fork tuned.conf to tuned-x5.conf for X5 series configurations
* Enable configureX5 in configureinstance.
* Create skeleton implementation and tests for X5 configureinstance support.
* Enable detection of x5 machine types in configureinstance
- Update to version 3.14 (bsc#1265991)
* Update Daemon Restart method to pass the correct cancel function to the new handler.
* Remove redundant error logging in HANA disk restore.
* Fetch and rename Logical Volume during HANA disk restore.
* Add usage metrics for CMEK disk restore.
* Add multi-region and global KMS keys location checks.
* Convert HANA SID to uppercase in hanadiskbackup and hanadiskrestore.
* Log warning instead of erroring out on KMS key get failure.
* Initialize GCE client in status onetime command.
* Validate presence of KMS key in hanadiskrestore.
* Add SID parameter to HANA backup/restore path functions.
* Add KMS key location validation for HANA disk restore.
* Update agent version to 3.14.
* Fixes an issue if there is a whitespace around an argument passed in
* Add validation to prevent using both CSEK and KMS keys in hanadiskrestore.
* Handle disk recreation in HANA disk restore when IOPS, throughput, size, or KMS key are specified.
* Refactor disk restore and configuration logic.
* Add support for CMEK encryption of restored disks.
* Remove obsolete TODOs.
- Update to version 3.13
* Replace strings.TrimSuffix with strings.TrimSpace in hanabackup.go
* Improve error messages in hanabackup.go.
* Add system state logging and logical device verification.
* Minor version bump
* Improve SAP instance comparison for process metrics collectors to prevent unnecessary restarts of collectors.
* Delete supportbundlehandler package.
* Remove configurehandler from sapguestactions.
* Delete hanadiskbackuphandler from sapguestactions.
* Remove Guest Actions and GCBDR Actions from initial daemon start.
* Remove `gsutil` check from collection definition.
* Delete performancediagnosticshandler package.
* Remove unused handlers and shell command execution.
* status feature fixes - pass secret name
* Fix an issue in system discovery if discovering a network fails, particularly due to an IAM permission error.
* Add verification for HANA data volume state after disk restore.
* Error handling for rescanVolumegroups and improved logging.
* Add link to What's New page in the sapagent README.
* Add secret manager IAM checks if secret key is preset in status
Patchnames: SUSE-SLES-16.0-1022
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for google-cloud-sap-agent",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for google-cloud-sap-agent fixes the following issues\n\n- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE\n (bsc#1265764).\n- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation\n bypass and privilege escalation (bsc#1266604).\n\nChanges for google-cloud-sap-agent:\n\n- Update to version 3.15\n\n * Remove LoggingClient error failure for hanadiskrestore and hanadiskbackup.\n * Add checks for unexpected arguments in hanadiskbackup and hanadiskrestore.\n * Update SAP Agent version to 3.15.\n * Refactor grubBootLoaderX5 to check for BLS support via grub2-mkconfig help.\n * Update all go dependencies\n * Check grub2-mkconfig for BLS support on X4 instances.\n * Add tenant SID collection to supportbundle.\n * Update golang.org/x/net dependency. This is to address (#444)\n * Fork tuned.conf to tuned-x5.conf for X5 series configurations\n * Enable configureX5 in configureinstance.\n * Create skeleton implementation and tests for X5 configureinstance support.\n * Enable detection of x5 machine types in configureinstance\n\n- Update to version 3.14 (bsc#1265991)\n\n * Update Daemon Restart method to pass the correct cancel function to the new handler.\n * Remove redundant error logging in HANA disk restore.\n * Fetch and rename Logical Volume during HANA disk restore.\n * Add usage metrics for CMEK disk restore.\n * Add multi-region and global KMS keys location checks.\n * Convert HANA SID to uppercase in hanadiskbackup and hanadiskrestore.\n * Log warning instead of erroring out on KMS key get failure.\n * Initialize GCE client in status onetime command.\n * Validate presence of KMS key in hanadiskrestore.\n * Add SID parameter to HANA backup/restore path functions.\n * Add KMS key location validation for HANA disk restore.\n * Update agent version to 3.14.\n * Fixes an issue if there is a whitespace around an argument passed 
in\n * Add validation to prevent using both CSEK and KMS keys in hanadiskrestore.\n * Handle disk recreation in HANA disk restore when IOPS, throughput, size, or KMS key are specified.\n * Refactor disk restore and configuration logic.\n * Add support for CMEK encryption of restored disks.\n * Remove obsolete TODOs.\n\n- Update to version 3.13\n\n * Replace strings.TrimSuffix with strings.TrimSpace in hanabackup.go\n * Improve error messages in hanabackup.go.\n * Add system state logging and logical device verification.\n * Minor version bump\n * Improve SAP instance comparison for process metrics collectors to\n prevent unnecessary restarts of collectors.\n * Delete supportbundlehandler package.\n * Remove configurehandler from sapguestactions.\n * Delete hanadiskbackuphandler from sapguestactions.\n * Remove Guest Actions and GCBDR Actions from initial daemon start.\n * Remove `gsutil` check from collection definition.\n * Delete performancediagnosticshandler package.\n * Remove unused handlers and shell command execution.\n * status feature fixes - pass secret name\n * Fix an issue in system discovery if discovering a network fails,\n particularly due to an IAM permission error.\n * Add verification for HANA data volume state after disk restore.\n * Error handling for rescanVolumegroups and improved logging.\n * Add link to What\u0027s New page in the sapagent README.\n * Add secret manager IAM checks if secret key is preset in status\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-1022",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22328-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22328-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622328-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22328-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-July/047811.html"
},
{
"category": "self",
"summary": "SUSE Bug 1265764",
"url": "https://bugzilla.suse.com/1265764"
},
{
"category": "self",
"summary": "SUSE Bug 1265991",
"url": "https://bugzilla.suse.com/1265991"
},
{
"category": "self",
"summary": "SUSE Bug 1266604",
"url": "https://bugzilla.suse.com/1266604"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33186 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34986 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
}
],
"title": "Security update for google-cloud-sap-agent",
"tracking": {
"current_release_date": "2026-06-22T14:41:38Z",
"generator": {
"date": "2026-06-22T14:41:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22328-1",
"initial_release_date": "2026-06-22T14:41:38Z",
"revision_history": [
{
"date": "2026-06-22T14:41:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"product": {
"name": "google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"product_id": "google-cloud-sap-agent-3.15-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "google-cloud-sap-agent-3.15-160000.1.1.x86_64",
"product": {
"name": "google-cloud-sap-agent-3.15-160000.1.1.x86_64",
"product_id": "google-cloud-sap-agent-3.15-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "google-cloud-sap-agent-3.15-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64"
},
"product_reference": "google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-cloud-sap-agent-3.15-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64"
},
"product_reference": "google-cloud-sap-agent-3.15-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-cloud-sap-agent-3.15-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64"
},
"product_reference": "google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-cloud-sap-agent-3.15-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64"
},
"product_reference": "google-cloud-sap-agent-3.15-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33186"
}
],
"notes": [
{
"category": "general",
"text": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33186",
"url": "https://www.suse.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "SUSE Bug 1260085 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1260085"
},
{
"category": "external",
"summary": "SUSE Bug 1268676 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1268676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T14:41:38Z",
"details": "important"
}
],
"title": "CVE-2026-33186"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "external",
"summary": "SUSE Bug 1268758 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1268758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T14:41:38Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-34986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34986"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34986",
"url": "https://www.suse.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "SUSE Bug 1262805 for CVE-2026-34986",
"url": "https://bugzilla.suse.com/1262805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T14:41:38Z",
"details": "important"
}
],
"title": "CVE-2026-34986"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-cloud-sap-agent-3.15-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T14:41:38Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
}
]
}
SUSE-SU-2026:22367-1
Vulnerability from csaf_suse - Published: 2026-06-25 12:44 - Updated: 2026-06-25 12:44
Summary
Security update for docker
Severity
Important
Notes
Title of the patch: Security update for docker
Description of the patch: This update for docker fixes the following issues
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265782).
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (bsc#1266625).
- CVE-2026-39984: github.com/sigstore/timestamp-authority/v2/pkg/verification: improper certificate validation can be used to bypass some authorization controls (bsc#1262346).
- CVE-2026-41567: arbitrary code execution with full daemon privileges when a user uploads a compressed archive into that container (bsc#1267827).
Patchnames: SUSE-SLES-16.0-1081
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
Threats
Impact
important
7.4 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
Threats
Impact
moderate
7.2 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch | — | Vendor Fix | |
Threats
Impact
important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker fixes the following issues\n\n- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE\n (bsc#1265782).\n- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation\n bypass and privilege escalation (bsc#1266625).\n- CVE-2026-39984: github.com/sigstore/timestamp-authority/v2/pkg/verification: improper certificate validation can be\n used to bypass some authorization controls (bsc#1262346).\n- CVE-2026-41567: arbitrary code execution with full daemon privileges when a user uploads a compressed archive into\n that container (bsc#1267827).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-1081",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22367-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22367-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622367-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22367-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-July/047772.html"
},
{
"category": "self",
"summary": "SUSE Bug 1262346",
"url": "https://bugzilla.suse.com/1262346"
},
{
"category": "self",
"summary": "SUSE Bug 1265782",
"url": "https://bugzilla.suse.com/1265782"
},
{
"category": "self",
"summary": "SUSE Bug 1266625",
"url": "https://bugzilla.suse.com/1266625"
},
{
"category": "self",
"summary": "SUSE Bug 1267827",
"url": "https://bugzilla.suse.com/1267827"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39984 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39984/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41567 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41567/"
}
],
"title": "Security update for docker",
"tracking": {
"current_release_date": "2026-06-25T12:44:31Z",
"generator": {
"date": "2026-06-25T12:44:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22367-1",
"initial_release_date": "2026-06-25T12:44:31Z",
"revision_history": [
{
"date": "2026-06-25T12:44:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-29.4.0_ce-160000.7.1.aarch64",
"product": {
"name": "docker-29.4.0_ce-160000.7.1.aarch64",
"product_id": "docker-29.4.0_ce-160000.7.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-buildx-0.33.0-160000.7.1.aarch64",
"product": {
"name": "docker-buildx-0.33.0-160000.7.1.aarch64",
"product_id": "docker-buildx-0.33.0-160000.7.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"product": {
"name": "docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"product_id": "docker-bash-completion-29.4.0_ce-160000.7.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"product": {
"name": "docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"product_id": "docker-fish-completion-29.4.0_ce-160000.7.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"product": {
"name": "docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"product_id": "docker-rootless-extras-29.4.0_ce-160000.7.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-29.4.0_ce-160000.7.1.noarch",
"product": {
"name": "docker-zsh-completion-29.4.0_ce-160000.7.1.noarch",
"product_id": "docker-zsh-completion-29.4.0_ce-160000.7.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-29.4.0_ce-160000.7.1.ppc64le",
"product": {
"name": "docker-29.4.0_ce-160000.7.1.ppc64le",
"product_id": "docker-29.4.0_ce-160000.7.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-buildx-0.33.0-160000.7.1.ppc64le",
"product": {
"name": "docker-buildx-0.33.0-160000.7.1.ppc64le",
"product_id": "docker-buildx-0.33.0-160000.7.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-29.4.0_ce-160000.7.1.s390x",
"product": {
"name": "docker-29.4.0_ce-160000.7.1.s390x",
"product_id": "docker-29.4.0_ce-160000.7.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-buildx-0.33.0-160000.7.1.s390x",
"product": {
"name": "docker-buildx-0.33.0-160000.7.1.s390x",
"product_id": "docker-buildx-0.33.0-160000.7.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-29.4.0_ce-160000.7.1.x86_64",
"product": {
"name": "docker-29.4.0_ce-160000.7.1.x86_64",
"product_id": "docker-29.4.0_ce-160000.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-buildx-0.33.0-160000.7.1.x86_64",
"product": {
"name": "docker-buildx-0.33.0-160000.7.1.x86_64",
"product_id": "docker-buildx-0.33.0-160000.7.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-29.4.0_ce-160000.7.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.aarch64"
},
"product_reference": "docker-29.4.0_ce-160000.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-29.4.0_ce-160000.7.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.ppc64le"
},
"product_reference": "docker-29.4.0_ce-160000.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-29.4.0_ce-160000.7.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.s390x"
},
"product_reference": "docker-29.4.0_ce-160000.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-29.4.0_ce-160000.7.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.x86_64"
},
"product_reference": "docker-29.4.0_ce-160000.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-29.4.0_ce-160000.7.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch"
},
"product_reference": "docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.33.0-160000.7.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.aarch64"
},
"product_reference": "docker-buildx-0.33.0-160000.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.33.0-160000.7.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le"
},
"product_reference": "docker-buildx-0.33.0-160000.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.33.0-160000.7.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.s390x"
},
"product_reference": "docker-buildx-0.33.0-160000.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.33.0-160000.7.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.x86_64"
},
"product_reference": "docker-buildx-0.33.0-160000.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-29.4.0_ce-160000.7.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch"
},
"product_reference": "docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rootless-extras-29.4.0_ce-160000.7.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch"
},
"product_reference": "docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-29.4.0_ce-160000.7.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch"
},
"product_reference": "docker-zsh-completion-29.4.0_ce-160000.7.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-29.4.0_ce-160000.7.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.aarch64"
},
"product_reference": "docker-29.4.0_ce-160000.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-29.4.0_ce-160000.7.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.ppc64le"
},
"product_reference": "docker-29.4.0_ce-160000.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-29.4.0_ce-160000.7.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.s390x"
},
"product_reference": "docker-29.4.0_ce-160000.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-29.4.0_ce-160000.7.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.x86_64"
},
"product_reference": "docker-29.4.0_ce-160000.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-29.4.0_ce-160000.7.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch"
},
"product_reference": "docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.33.0-160000.7.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.aarch64"
},
"product_reference": "docker-buildx-0.33.0-160000.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.33.0-160000.7.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le"
},
"product_reference": "docker-buildx-0.33.0-160000.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.33.0-160000.7.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.s390x"
},
"product_reference": "docker-buildx-0.33.0-160000.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.33.0-160000.7.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.x86_64"
},
"product_reference": "docker-buildx-0.33.0-160000.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-29.4.0_ce-160000.7.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch"
},
"product_reference": "docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rootless-extras-29.4.0_ce-160000.7.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch"
},
"product_reference": "docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-29.4.0_ce-160000.7.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch"
},
"product_reference": "docker-zsh-completion-29.4.0_ce-160000.7.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "external",
"summary": "SUSE Bug 1268758 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1268758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:44:31Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:44:31Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-39984",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39984"
}
],
"notes": [
{
"category": "general",
"text": "Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint checks in VerifyLeafCert uses the first non-CA certificate from the PKCS#7 certificate bag instead of the leaf certificate from the verified chain. An attacker can exploit this by prepending a forged certificate to the certificate bag while the message is signed with an authorized key, causing the library to validate the signature against one certificate but perform authorization checks against another. This vulnerability only affects users of the timestamp-authority/v2/pkg/verification package and does not affect the timestamp-authority service itself or sigstore-go. The issue has been fixed in version 2.0.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39984",
"url": "https://www.suse.com/security/cve/CVE-2026-39984"
},
{
"category": "external",
"summary": "SUSE Bug 1262338 for CVE-2026-39984",
"url": "https://bugzilla.suse.com/1262338"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:44:31Z",
"details": "moderate"
}
],
"title": "CVE-2026-39984"
},
{
"cve": "CVE-2026-41567",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41567"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via `PUT /containers/{id}/archive` or piped through `docker cp -`, the daemon resolves decompression binaries (such as `xz` or `unpigz`) from the container\u0027s filesystem rather than the host\u0027s due to incorrect ordering of operations. A malicious container image containing a trojanized decompression binary can achieve arbitrary code execution with full daemon privileges, including host root UID and unrestricted capabilities, when a user uploads a compressed (xz or gzip) archive into that container. This issue is fixed in Docker Engine 29.5.1 and moby/moby v2.0.0-beta.14. Workarounds include only running containers from trusted images, using authorization plugins to restrict access to the `PUT /containers/{id}/archive` endpoint, and avoiding piping compressed archives into containers created from untrusted images",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41567",
"url": "https://www.suse.com/security/cve/CVE-2026-41567"
},
{
"category": "external",
"summary": "SUSE Bug 1267827 for CVE-2026-41567",
"url": "https://bugzilla.suse.com/1267827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-buildx-0.33.0-160000.7.1.x86_64",
"SUSE Linux Enterprise Server 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-29.4.0_ce-160000.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-bash-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-buildx-0.33.0-160000.7.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-fish-completion-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-rootless-extras-29.4.0_ce-160000.7.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-zsh-completion-29.4.0_ce-160000.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T12:44:31Z",
"details": "important"
}
],
"title": "CVE-2026-41567"
}
]
}
SUSE-SU-2026:2280-1
Vulnerability from csaf_suse - Published: 2026-06-05 12:11 - Updated: 2026-06-05 12:11
Summary
Security update for ignition
Severity
Important
Notes
Title of the patch: Security update for ignition
Description of the patch: This update for ignition fixes the following issue:
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265751).
Patchnames: SUSE-2026-2280,SUSE-SLE-Module-HPC-15-SP7-2026-2280,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2280
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:ignition-2.14.0-150400.9.18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:ignition-2.14.0-150400.9.18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:ignition-dracut-grub2-2.14.0-150400.9.18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:ignition-dracut-grub2-2.14.0-150400.9.18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:ignition-2.14.0-150400.9.18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:ignition-2.14.0-150400.9.18.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:ignition-dracut-grub2-2.14.0-150400.9.18.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:ignition-dracut-grub2-2.14.0-150400.9.18.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ignition",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ignition fixes the following issue\n\n- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE\n (bsc#1265751).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2280,SUSE-SLE-Module-HPC-15-SP7-2026-2280,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2280",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2280-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2280-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262280-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2280-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047125.html"
},
{
"category": "self",
"summary": "SUSE Bug 1265751",
"url": "https://bugzilla.suse.com/1265751"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
}
],
"title": "Security update for ignition",
"tracking": {
"current_release_date": "2026-06-05T12:11:41Z",
"generator": {
"date": "2026-06-05T12:11:41Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2280-1",
"initial_release_date": "2026-06-05T12:11:41Z",
"revision_history": [
{
"date": "2026-06-05T12:11:41Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ignition-2.14.0-150400.9.18.1.aarch64",
"product": {
"name": "ignition-2.14.0-150400.9.18.1.aarch64",
"product_id": "ignition-2.14.0-150400.9.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "ignition-dracut-grub2-2.14.0-150400.9.18.1.aarch64",
"product": {
"name": "ignition-dracut-grub2-2.14.0-150400.9.18.1.aarch64",
"product_id": "ignition-dracut-grub2-2.14.0-150400.9.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ignition-2.14.0-150400.9.18.1.i586",
"product": {
"name": "ignition-2.14.0-150400.9.18.1.i586",
"product_id": "ignition-2.14.0-150400.9.18.1.i586"
}
},
{
"category": "product_version",
"name": "ignition-dracut-grub2-2.14.0-150400.9.18.1.i586",
"product": {
"name": "ignition-dracut-grub2-2.14.0-150400.9.18.1.i586",
"product_id": "ignition-dracut-grub2-2.14.0-150400.9.18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ignition-2.14.0-150400.9.18.1.ppc64le",
"product": {
"name": "ignition-2.14.0-150400.9.18.1.ppc64le",
"product_id": "ignition-2.14.0-150400.9.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ignition-dracut-grub2-2.14.0-150400.9.18.1.ppc64le",
"product": {
"name": "ignition-dracut-grub2-2.14.0-150400.9.18.1.ppc64le",
"product_id": "ignition-dracut-grub2-2.14.0-150400.9.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ignition-2.14.0-150400.9.18.1.s390x",
"product": {
"name": "ignition-2.14.0-150400.9.18.1.s390x",
"product_id": "ignition-2.14.0-150400.9.18.1.s390x"
}
},
{
"category": "product_version",
"name": "ignition-dracut-grub2-2.14.0-150400.9.18.1.s390x",
"product": {
"name": "ignition-dracut-grub2-2.14.0-150400.9.18.1.s390x",
"product_id": "ignition-dracut-grub2-2.14.0-150400.9.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ignition-2.14.0-150400.9.18.1.x86_64",
"product": {
"name": "ignition-2.14.0-150400.9.18.1.x86_64",
"product_id": "ignition-2.14.0-150400.9.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "ignition-dracut-grub2-2.14.0-150400.9.18.1.x86_64",
"product": {
"name": "ignition-dracut-grub2-2.14.0-150400.9.18.1.x86_64",
"product_id": "ignition-dracut-grub2-2.14.0-150400.9.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for HPC 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for HPC 15 SP7",
"product_id": "SUSE Linux Enterprise Module for HPC 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-hpc:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-2.14.0-150400.9.18.1.aarch64 as component of SUSE Linux Enterprise Module for HPC 15 SP7",
"product_id": "SUSE Linux Enterprise Module for HPC 15 SP7:ignition-2.14.0-150400.9.18.1.aarch64"
},
"product_reference": "ignition-2.14.0-150400.9.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for HPC 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-2.14.0-150400.9.18.1.x86_64 as component of SUSE Linux Enterprise Module for HPC 15 SP7",
"product_id": "SUSE Linux Enterprise Module for HPC 15 SP7:ignition-2.14.0-150400.9.18.1.x86_64"
},
"product_reference": "ignition-2.14.0-150400.9.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for HPC 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-dracut-grub2-2.14.0-150400.9.18.1.aarch64 as component of SUSE Linux Enterprise Module for HPC 15 SP7",
"product_id": "SUSE Linux Enterprise Module for HPC 15 SP7:ignition-dracut-grub2-2.14.0-150400.9.18.1.aarch64"
},
"product_reference": "ignition-dracut-grub2-2.14.0-150400.9.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for HPC 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-dracut-grub2-2.14.0-150400.9.18.1.x86_64 as component of SUSE Linux Enterprise Module for HPC 15 SP7",
"product_id": "SUSE Linux Enterprise Module for HPC 15 SP7:ignition-dracut-grub2-2.14.0-150400.9.18.1.x86_64"
},
"product_reference": "ignition-dracut-grub2-2.14.0-150400.9.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for HPC 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-2.14.0-150400.9.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:ignition-2.14.0-150400.9.18.1.aarch64"
},
"product_reference": "ignition-2.14.0-150400.9.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-2.14.0-150400.9.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:ignition-2.14.0-150400.9.18.1.x86_64"
},
"product_reference": "ignition-2.14.0-150400.9.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-dracut-grub2-2.14.0-150400.9.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:ignition-dracut-grub2-2.14.0-150400.9.18.1.aarch64"
},
"product_reference": "ignition-dracut-grub2-2.14.0-150400.9.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-dracut-grub2-2.14.0-150400.9.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:ignition-dracut-grub2-2.14.0-150400.9.18.1.x86_64"
},
"product_reference": "ignition-dracut-grub2-2.14.0-150400.9.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for HPC 15 SP7:ignition-2.14.0-150400.9.18.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:ignition-2.14.0-150400.9.18.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:ignition-dracut-grub2-2.14.0-150400.9.18.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:ignition-dracut-grub2-2.14.0-150400.9.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:ignition-2.14.0-150400.9.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:ignition-2.14.0-150400.9.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:ignition-dracut-grub2-2.14.0-150400.9.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:ignition-dracut-grub2-2.14.0-150400.9.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for HPC 15 SP7:ignition-2.14.0-150400.9.18.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:ignition-2.14.0-150400.9.18.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:ignition-dracut-grub2-2.14.0-150400.9.18.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:ignition-dracut-grub2-2.14.0-150400.9.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:ignition-2.14.0-150400.9.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:ignition-2.14.0-150400.9.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:ignition-dracut-grub2-2.14.0-150400.9.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:ignition-dracut-grub2-2.14.0-150400.9.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for HPC 15 SP7:ignition-2.14.0-150400.9.18.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:ignition-2.14.0-150400.9.18.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:ignition-dracut-grub2-2.14.0-150400.9.18.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:ignition-dracut-grub2-2.14.0-150400.9.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:ignition-2.14.0-150400.9.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:ignition-2.14.0-150400.9.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:ignition-dracut-grub2-2.14.0-150400.9.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:ignition-dracut-grub2-2.14.0-150400.9.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-05T12:11:41Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
}
]
}
SUSE-SU-2026:2315-1
Vulnerability from csaf_suse - Published: 2026-06-09 12:51 - Updated: 2026-06-09 12:51
Summary
Security update for kubernetes1.23
Severity
Important
Notes
Title of the patch: Security update for kubernetes1.23
Description of the patch: This update for kubernetes1.23 fixes the following issues:
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265740).
- CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of service (bsc#1262271).
Patchnames: SUSE-2026-2315,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2315,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2315,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2315,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2315
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64 | — | Vendor Fix | |
Threats
Impact
moderate
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kubernetes1.23",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kubernetes1.23 fixes the following issues\n\n- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE\n (bsc#1265740).\n- CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of service\n (bsc#1262271).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2315,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2315,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2315,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2315,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2315",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2315-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2315-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262315-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2315-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047222.html"
},
{
"category": "self",
"summary": "SUSE Bug 1251168",
"url": "https://bugzilla.suse.com/1251168"
},
{
"category": "self",
"summary": "SUSE Bug 1262271",
"url": "https://bugzilla.suse.com/1262271"
},
{
"category": "self",
"summary": "SUSE Bug 1265740",
"url": "https://bugzilla.suse.com/1265740"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-35469 page",
"url": "https://www.suse.com/security/cve/CVE-2026-35469/"
}
],
"title": "Security update for kubernetes1.23",
"tracking": {
"current_release_date": "2026-06-09T12:51:53Z",
"generator": {
"date": "2026-06-09T12:51:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2315-1",
"initial_release_date": "2026-06-09T12:51:53Z",
"revision_history": [
{
"date": "2026-06-09T12:51:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kubernetes1.23-apiserver-1.23.17-150300.7.17.1.aarch64",
"product": {
"name": "kubernetes1.23-apiserver-1.23.17-150300.7.17.1.aarch64",
"product_id": "kubernetes1.23-apiserver-1.23.17-150300.7.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64",
"product": {
"name": "kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64",
"product_id": "kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64",
"product": {
"name": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64",
"product_id": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-controller-manager-1.23.17-150300.7.17.1.aarch64",
"product": {
"name": "kubernetes1.23-controller-manager-1.23.17-150300.7.17.1.aarch64",
"product_id": "kubernetes1.23-controller-manager-1.23.17-150300.7.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-kubeadm-1.23.17-150300.7.17.1.aarch64",
"product": {
"name": "kubernetes1.23-kubeadm-1.23.17-150300.7.17.1.aarch64",
"product_id": "kubernetes1.23-kubeadm-1.23.17-150300.7.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-kubelet-1.23.17-150300.7.17.1.aarch64",
"product": {
"name": "kubernetes1.23-kubelet-1.23.17-150300.7.17.1.aarch64",
"product_id": "kubernetes1.23-kubelet-1.23.17-150300.7.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-kubelet-common-1.23.17-150300.7.17.1.aarch64",
"product": {
"name": "kubernetes1.23-kubelet-common-1.23.17-150300.7.17.1.aarch64",
"product_id": "kubernetes1.23-kubelet-common-1.23.17-150300.7.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-proxy-1.23.17-150300.7.17.1.aarch64",
"product": {
"name": "kubernetes1.23-proxy-1.23.17-150300.7.17.1.aarch64",
"product_id": "kubernetes1.23-proxy-1.23.17-150300.7.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-scheduler-1.23.17-150300.7.17.1.aarch64",
"product": {
"name": "kubernetes1.23-scheduler-1.23.17-150300.7.17.1.aarch64",
"product_id": "kubernetes1.23-scheduler-1.23.17-150300.7.17.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kubernetes1.23-client-bash-completion-1.23.17-150300.7.17.1.noarch",
"product": {
"name": "kubernetes1.23-client-bash-completion-1.23.17-150300.7.17.1.noarch",
"product_id": "kubernetes1.23-client-bash-completion-1.23.17-150300.7.17.1.noarch"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-client-fish-completion-1.23.17-150300.7.17.1.noarch",
"product": {
"name": "kubernetes1.23-client-fish-completion-1.23.17-150300.7.17.1.noarch",
"product_id": "kubernetes1.23-client-fish-completion-1.23.17-150300.7.17.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kubernetes1.23-apiserver-1.23.17-150300.7.17.1.ppc64le",
"product": {
"name": "kubernetes1.23-apiserver-1.23.17-150300.7.17.1.ppc64le",
"product_id": "kubernetes1.23-apiserver-1.23.17-150300.7.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le",
"product": {
"name": "kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le",
"product_id": "kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le",
"product": {
"name": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le",
"product_id": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-controller-manager-1.23.17-150300.7.17.1.ppc64le",
"product": {
"name": "kubernetes1.23-controller-manager-1.23.17-150300.7.17.1.ppc64le",
"product_id": "kubernetes1.23-controller-manager-1.23.17-150300.7.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-kubeadm-1.23.17-150300.7.17.1.ppc64le",
"product": {
"name": "kubernetes1.23-kubeadm-1.23.17-150300.7.17.1.ppc64le",
"product_id": "kubernetes1.23-kubeadm-1.23.17-150300.7.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-kubelet-1.23.17-150300.7.17.1.ppc64le",
"product": {
"name": "kubernetes1.23-kubelet-1.23.17-150300.7.17.1.ppc64le",
"product_id": "kubernetes1.23-kubelet-1.23.17-150300.7.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-kubelet-common-1.23.17-150300.7.17.1.ppc64le",
"product": {
"name": "kubernetes1.23-kubelet-common-1.23.17-150300.7.17.1.ppc64le",
"product_id": "kubernetes1.23-kubelet-common-1.23.17-150300.7.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-proxy-1.23.17-150300.7.17.1.ppc64le",
"product": {
"name": "kubernetes1.23-proxy-1.23.17-150300.7.17.1.ppc64le",
"product_id": "kubernetes1.23-proxy-1.23.17-150300.7.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-scheduler-1.23.17-150300.7.17.1.ppc64le",
"product": {
"name": "kubernetes1.23-scheduler-1.23.17-150300.7.17.1.ppc64le",
"product_id": "kubernetes1.23-scheduler-1.23.17-150300.7.17.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kubernetes1.23-apiserver-1.23.17-150300.7.17.1.s390x",
"product": {
"name": "kubernetes1.23-apiserver-1.23.17-150300.7.17.1.s390x",
"product_id": "kubernetes1.23-apiserver-1.23.17-150300.7.17.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-client-1.23.17-150300.7.17.1.s390x",
"product": {
"name": "kubernetes1.23-client-1.23.17-150300.7.17.1.s390x",
"product_id": "kubernetes1.23-client-1.23.17-150300.7.17.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.s390x",
"product": {
"name": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.s390x",
"product_id": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-controller-manager-1.23.17-150300.7.17.1.s390x",
"product": {
"name": "kubernetes1.23-controller-manager-1.23.17-150300.7.17.1.s390x",
"product_id": "kubernetes1.23-controller-manager-1.23.17-150300.7.17.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-kubeadm-1.23.17-150300.7.17.1.s390x",
"product": {
"name": "kubernetes1.23-kubeadm-1.23.17-150300.7.17.1.s390x",
"product_id": "kubernetes1.23-kubeadm-1.23.17-150300.7.17.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-kubelet-1.23.17-150300.7.17.1.s390x",
"product": {
"name": "kubernetes1.23-kubelet-1.23.17-150300.7.17.1.s390x",
"product_id": "kubernetes1.23-kubelet-1.23.17-150300.7.17.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-kubelet-common-1.23.17-150300.7.17.1.s390x",
"product": {
"name": "kubernetes1.23-kubelet-common-1.23.17-150300.7.17.1.s390x",
"product_id": "kubernetes1.23-kubelet-common-1.23.17-150300.7.17.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-proxy-1.23.17-150300.7.17.1.s390x",
"product": {
"name": "kubernetes1.23-proxy-1.23.17-150300.7.17.1.s390x",
"product_id": "kubernetes1.23-proxy-1.23.17-150300.7.17.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-scheduler-1.23.17-150300.7.17.1.s390x",
"product": {
"name": "kubernetes1.23-scheduler-1.23.17-150300.7.17.1.s390x",
"product_id": "kubernetes1.23-scheduler-1.23.17-150300.7.17.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kubernetes1.23-apiserver-1.23.17-150300.7.17.1.x86_64",
"product": {
"name": "kubernetes1.23-apiserver-1.23.17-150300.7.17.1.x86_64",
"product_id": "kubernetes1.23-apiserver-1.23.17-150300.7.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"product": {
"name": "kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"product_id": "kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"product": {
"name": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"product_id": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-controller-manager-1.23.17-150300.7.17.1.x86_64",
"product": {
"name": "kubernetes1.23-controller-manager-1.23.17-150300.7.17.1.x86_64",
"product_id": "kubernetes1.23-controller-manager-1.23.17-150300.7.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-kubeadm-1.23.17-150300.7.17.1.x86_64",
"product": {
"name": "kubernetes1.23-kubeadm-1.23.17-150300.7.17.1.x86_64",
"product_id": "kubernetes1.23-kubeadm-1.23.17-150300.7.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-kubelet-1.23.17-150300.7.17.1.x86_64",
"product": {
"name": "kubernetes1.23-kubelet-1.23.17-150300.7.17.1.x86_64",
"product_id": "kubernetes1.23-kubelet-1.23.17-150300.7.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-kubelet-common-1.23.17-150300.7.17.1.x86_64",
"product": {
"name": "kubernetes1.23-kubelet-common-1.23.17-150300.7.17.1.x86_64",
"product_id": "kubernetes1.23-kubelet-common-1.23.17-150300.7.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-proxy-1.23.17-150300.7.17.1.x86_64",
"product": {
"name": "kubernetes1.23-proxy-1.23.17-150300.7.17.1.x86_64",
"product_id": "kubernetes1.23-proxy-1.23.17-150300.7.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.23-scheduler-1.23.17-150300.7.17.1.x86_64",
"product": {
"name": "kubernetes1.23-scheduler-1.23.17-150300.7.17.1.x86_64",
"product_id": "kubernetes1.23-scheduler-1.23.17-150300.7.17.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64"
},
"product_reference": "kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64"
},
"product_reference": "kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64"
},
"product_reference": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64"
},
"product_reference": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64"
},
"product_reference": "kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64"
},
"product_reference": "kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64"
},
"product_reference": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64"
},
"product_reference": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64"
},
"product_reference": "kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le"
},
"product_reference": "kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-1.23.17-150300.7.17.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.s390x"
},
"product_reference": "kubernetes1.23-client-1.23.17-150300.7.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64"
},
"product_reference": "kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64"
},
"product_reference": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le"
},
"product_reference": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.s390x"
},
"product_reference": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64"
},
"product_reference": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64"
},
"product_reference": "kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le"
},
"product_reference": "kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-1.23.17-150300.7.17.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.s390x"
},
"product_reference": "kubernetes1.23-client-1.23.17-150300.7.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64"
},
"product_reference": "kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64"
},
"product_reference": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le"
},
"product_reference": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.s390x"
},
"product_reference": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64"
},
"product_reference": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le"
},
"product_reference": "kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64"
},
"product_reference": "kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le"
},
"product_reference": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64"
},
"product_reference": "kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T12:51:53Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-35469",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-35469"
}
],
"notes": [
{
"category": "general",
"text": "spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count in parseHeaderValueBlock, and individual header field sizes - all read as 32-bit integers and used directly as allocation sizes with no bounds checking. Because SPDY header blocks are zlib-compressed, a small on-the-wire payload can decompress into large attacker-controlled values. A remote peer that can send SPDY frames to a service using spdystream can exhaust process memory and cause an out-of-memory crash with a single crafted control frame. This issue has been fixed in version 0.5.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-35469",
"url": "https://www.suse.com/security/cve/CVE-2026-35469"
},
{
"category": "external",
"summary": "SUSE Bug 1262264 for CVE-2026-35469",
"url": "https://bugzilla.suse.com/1262264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-1.23.17-150300.7.17.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-1.23.17-150300.7.17.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-common-1.23.17-150300.7.17.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.23-client-common-1.23.17-150300.7.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T12:51:53Z",
"details": "moderate"
}
],
"title": "CVE-2026-35469"
}
]
}
SUSE-SU-2026:2322-1
Vulnerability from csaf_suse - Published: 2026-06-09 14:32 - Updated: 2026-06-09 14:32
Summary
Security update for kubernetes1.24
Severity
Important
Notes
Title of the patch: Security update for kubernetes1.24
Description of the patch: This update for kubernetes1.24 fixes the following issues
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE
(bsc#1265740).
- CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of service
(bsc#1262271).
Patchnames: SUSE-2026-2322,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2322,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2322,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2322,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2322
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kubernetes1.24",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kubernetes1.24 fixes the following issues\n\n- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE\n (bsc#1265740).\n- CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of service\n (bsc#1262271).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2322,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2322,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2322,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2322,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2322",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2322-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2322-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262322-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2322-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047216.html"
},
{
"category": "self",
"summary": "SUSE Bug 1251168",
"url": "https://bugzilla.suse.com/1251168"
},
{
"category": "self",
"summary": "SUSE Bug 1262271",
"url": "https://bugzilla.suse.com/1262271"
},
{
"category": "self",
"summary": "SUSE Bug 1265740",
"url": "https://bugzilla.suse.com/1265740"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-35469 page",
"url": "https://www.suse.com/security/cve/CVE-2026-35469/"
}
],
"title": "Security update for kubernetes1.24",
"tracking": {
"current_release_date": "2026-06-09T14:32:16Z",
"generator": {
"date": "2026-06-09T14:32:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2322-1",
"initial_release_date": "2026-06-09T14:32:16Z",
"revision_history": [
{
"date": "2026-06-09T14:32:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kubernetes1.24-apiserver-1.24.17-150400.9.27.1.aarch64",
"product": {
"name": "kubernetes1.24-apiserver-1.24.17-150400.9.27.1.aarch64",
"product_id": "kubernetes1.24-apiserver-1.24.17-150400.9.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64",
"product": {
"name": "kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64",
"product_id": "kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64",
"product": {
"name": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64",
"product_id": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-controller-manager-1.24.17-150400.9.27.1.aarch64",
"product": {
"name": "kubernetes1.24-controller-manager-1.24.17-150400.9.27.1.aarch64",
"product_id": "kubernetes1.24-controller-manager-1.24.17-150400.9.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-kubeadm-1.24.17-150400.9.27.1.aarch64",
"product": {
"name": "kubernetes1.24-kubeadm-1.24.17-150400.9.27.1.aarch64",
"product_id": "kubernetes1.24-kubeadm-1.24.17-150400.9.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-kubelet-1.24.17-150400.9.27.1.aarch64",
"product": {
"name": "kubernetes1.24-kubelet-1.24.17-150400.9.27.1.aarch64",
"product_id": "kubernetes1.24-kubelet-1.24.17-150400.9.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-kubelet-common-1.24.17-150400.9.27.1.aarch64",
"product": {
"name": "kubernetes1.24-kubelet-common-1.24.17-150400.9.27.1.aarch64",
"product_id": "kubernetes1.24-kubelet-common-1.24.17-150400.9.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-proxy-1.24.17-150400.9.27.1.aarch64",
"product": {
"name": "kubernetes1.24-proxy-1.24.17-150400.9.27.1.aarch64",
"product_id": "kubernetes1.24-proxy-1.24.17-150400.9.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-scheduler-1.24.17-150400.9.27.1.aarch64",
"product": {
"name": "kubernetes1.24-scheduler-1.24.17-150400.9.27.1.aarch64",
"product_id": "kubernetes1.24-scheduler-1.24.17-150400.9.27.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kubernetes1.24-client-bash-completion-1.24.17-150400.9.27.1.noarch",
"product": {
"name": "kubernetes1.24-client-bash-completion-1.24.17-150400.9.27.1.noarch",
"product_id": "kubernetes1.24-client-bash-completion-1.24.17-150400.9.27.1.noarch"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-client-fish-completion-1.24.17-150400.9.27.1.noarch",
"product": {
"name": "kubernetes1.24-client-fish-completion-1.24.17-150400.9.27.1.noarch",
"product_id": "kubernetes1.24-client-fish-completion-1.24.17-150400.9.27.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kubernetes1.24-apiserver-1.24.17-150400.9.27.1.ppc64le",
"product": {
"name": "kubernetes1.24-apiserver-1.24.17-150400.9.27.1.ppc64le",
"product_id": "kubernetes1.24-apiserver-1.24.17-150400.9.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le",
"product": {
"name": "kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le",
"product_id": "kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le",
"product": {
"name": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le",
"product_id": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-controller-manager-1.24.17-150400.9.27.1.ppc64le",
"product": {
"name": "kubernetes1.24-controller-manager-1.24.17-150400.9.27.1.ppc64le",
"product_id": "kubernetes1.24-controller-manager-1.24.17-150400.9.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-kubeadm-1.24.17-150400.9.27.1.ppc64le",
"product": {
"name": "kubernetes1.24-kubeadm-1.24.17-150400.9.27.1.ppc64le",
"product_id": "kubernetes1.24-kubeadm-1.24.17-150400.9.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-kubelet-1.24.17-150400.9.27.1.ppc64le",
"product": {
"name": "kubernetes1.24-kubelet-1.24.17-150400.9.27.1.ppc64le",
"product_id": "kubernetes1.24-kubelet-1.24.17-150400.9.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-kubelet-common-1.24.17-150400.9.27.1.ppc64le",
"product": {
"name": "kubernetes1.24-kubelet-common-1.24.17-150400.9.27.1.ppc64le",
"product_id": "kubernetes1.24-kubelet-common-1.24.17-150400.9.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-proxy-1.24.17-150400.9.27.1.ppc64le",
"product": {
"name": "kubernetes1.24-proxy-1.24.17-150400.9.27.1.ppc64le",
"product_id": "kubernetes1.24-proxy-1.24.17-150400.9.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-scheduler-1.24.17-150400.9.27.1.ppc64le",
"product": {
"name": "kubernetes1.24-scheduler-1.24.17-150400.9.27.1.ppc64le",
"product_id": "kubernetes1.24-scheduler-1.24.17-150400.9.27.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kubernetes1.24-apiserver-1.24.17-150400.9.27.1.s390x",
"product": {
"name": "kubernetes1.24-apiserver-1.24.17-150400.9.27.1.s390x",
"product_id": "kubernetes1.24-apiserver-1.24.17-150400.9.27.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-client-1.24.17-150400.9.27.1.s390x",
"product": {
"name": "kubernetes1.24-client-1.24.17-150400.9.27.1.s390x",
"product_id": "kubernetes1.24-client-1.24.17-150400.9.27.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.s390x",
"product": {
"name": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.s390x",
"product_id": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-controller-manager-1.24.17-150400.9.27.1.s390x",
"product": {
"name": "kubernetes1.24-controller-manager-1.24.17-150400.9.27.1.s390x",
"product_id": "kubernetes1.24-controller-manager-1.24.17-150400.9.27.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-kubeadm-1.24.17-150400.9.27.1.s390x",
"product": {
"name": "kubernetes1.24-kubeadm-1.24.17-150400.9.27.1.s390x",
"product_id": "kubernetes1.24-kubeadm-1.24.17-150400.9.27.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-kubelet-1.24.17-150400.9.27.1.s390x",
"product": {
"name": "kubernetes1.24-kubelet-1.24.17-150400.9.27.1.s390x",
"product_id": "kubernetes1.24-kubelet-1.24.17-150400.9.27.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-kubelet-common-1.24.17-150400.9.27.1.s390x",
"product": {
"name": "kubernetes1.24-kubelet-common-1.24.17-150400.9.27.1.s390x",
"product_id": "kubernetes1.24-kubelet-common-1.24.17-150400.9.27.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-proxy-1.24.17-150400.9.27.1.s390x",
"product": {
"name": "kubernetes1.24-proxy-1.24.17-150400.9.27.1.s390x",
"product_id": "kubernetes1.24-proxy-1.24.17-150400.9.27.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-scheduler-1.24.17-150400.9.27.1.s390x",
"product": {
"name": "kubernetes1.24-scheduler-1.24.17-150400.9.27.1.s390x",
"product_id": "kubernetes1.24-scheduler-1.24.17-150400.9.27.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kubernetes1.24-apiserver-1.24.17-150400.9.27.1.x86_64",
"product": {
"name": "kubernetes1.24-apiserver-1.24.17-150400.9.27.1.x86_64",
"product_id": "kubernetes1.24-apiserver-1.24.17-150400.9.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"product": {
"name": "kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"product_id": "kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"product": {
"name": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"product_id": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-controller-manager-1.24.17-150400.9.27.1.x86_64",
"product": {
"name": "kubernetes1.24-controller-manager-1.24.17-150400.9.27.1.x86_64",
"product_id": "kubernetes1.24-controller-manager-1.24.17-150400.9.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-kubeadm-1.24.17-150400.9.27.1.x86_64",
"product": {
"name": "kubernetes1.24-kubeadm-1.24.17-150400.9.27.1.x86_64",
"product_id": "kubernetes1.24-kubeadm-1.24.17-150400.9.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-kubelet-1.24.17-150400.9.27.1.x86_64",
"product": {
"name": "kubernetes1.24-kubelet-1.24.17-150400.9.27.1.x86_64",
"product_id": "kubernetes1.24-kubelet-1.24.17-150400.9.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-kubelet-common-1.24.17-150400.9.27.1.x86_64",
"product": {
"name": "kubernetes1.24-kubelet-common-1.24.17-150400.9.27.1.x86_64",
"product_id": "kubernetes1.24-kubelet-common-1.24.17-150400.9.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-proxy-1.24.17-150400.9.27.1.x86_64",
"product": {
"name": "kubernetes1.24-proxy-1.24.17-150400.9.27.1.x86_64",
"product_id": "kubernetes1.24-proxy-1.24.17-150400.9.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-scheduler-1.24.17-150400.9.27.1.x86_64",
"product": {
"name": "kubernetes1.24-scheduler-1.24.17-150400.9.27.1.x86_64",
"product_id": "kubernetes1.24-scheduler-1.24.17-150400.9.27.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64"
},
"product_reference": "kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64"
},
"product_reference": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64"
},
"product_reference": "kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64"
},
"product_reference": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64"
},
"product_reference": "kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le"
},
"product_reference": "kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-1.24.17-150400.9.27.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.s390x"
},
"product_reference": "kubernetes1.24-client-1.24.17-150400.9.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64"
},
"product_reference": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le"
},
"product_reference": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.s390x"
},
"product_reference": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64"
},
"product_reference": "kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le"
},
"product_reference": "kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-1.24.17-150400.9.27.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.s390x"
},
"product_reference": "kubernetes1.24-client-1.24.17-150400.9.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64"
},
"product_reference": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le"
},
"product_reference": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.s390x"
},
"product_reference": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le"
},
"product_reference": "kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le"
},
"product_reference": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T14:32:16Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-35469",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-35469"
}
],
"notes": [
{
"category": "general",
"text": "spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count in parseHeaderValueBlock, and individual header field sizes - all read as 32-bit integers and used directly as allocation sizes with no bounds checking. Because SPDY header blocks are zlib-compressed, a small on-the-wire payload can decompress into large attacker-controlled values. A remote peer that can send SPDY frames to a service using spdystream can exhaust process memory and cause an out-of-memory crash with a single crafted control frame. This issue has been fixed in version 0.5.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-35469",
"url": "https://www.suse.com/security/cve/CVE-2026-35469"
},
{
"category": "external",
"summary": "SUSE Bug 1262264 for CVE-2026-35469",
"url": "https://bugzilla.suse.com/1262264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-1.24.17-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-1.24.17-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-common-1.24.17-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.24-client-common-1.24.17-150400.9.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T14:32:16Z",
"details": "moderate"
}
],
"title": "CVE-2026-35469"
}
]
}
SUSE-SU-2026:2325-1
Vulnerability from csaf_suse - Published: 2026-06-09 14:34 - Updated: 2026-06-09 14:34
Summary
Security update for kubernetes1.26
Severity
Important
Notes
Title of the patch: Security update for kubernetes1.26
Description of the patch: This update for kubernetes1.26 fixes the following issues:
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265740).
- CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of service (bsc#1262271).
Patchnames: SUSE-2026-2325,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2325,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2325,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2325,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2325,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2325,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2325,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2325,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2325
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kubernetes1.26",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kubernetes1.26 fixes the following issues\n\n- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE\n (bsc#1265740).\n- CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of service\n (bsc#1262271).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2325,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2325,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2325,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2325,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2325,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2325,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2325,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2325,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2325",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2325-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2325-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262325-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2325-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047213.html"
},
{
"category": "self",
"summary": "SUSE Bug 1251168",
"url": "https://bugzilla.suse.com/1251168"
},
{
"category": "self",
"summary": "SUSE Bug 1262271",
"url": "https://bugzilla.suse.com/1262271"
},
{
"category": "self",
"summary": "SUSE Bug 1265740",
"url": "https://bugzilla.suse.com/1265740"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-35469 page",
"url": "https://www.suse.com/security/cve/CVE-2026-35469/"
}
],
"title": "Security update for kubernetes1.26",
"tracking": {
"current_release_date": "2026-06-09T14:34:20Z",
"generator": {
"date": "2026-06-09T14:34:20Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2325-1",
"initial_release_date": "2026-06-09T14:34:20Z",
"revision_history": [
{
"date": "2026-06-09T14:34:20Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kubernetes1.26-apiserver-1.26.15-150400.9.27.1.aarch64",
"product": {
"name": "kubernetes1.26-apiserver-1.26.15-150400.9.27.1.aarch64",
"product_id": "kubernetes1.26-apiserver-1.26.15-150400.9.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"product": {
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"product_id": "kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"product": {
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"product_id": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-controller-manager-1.26.15-150400.9.27.1.aarch64",
"product": {
"name": "kubernetes1.26-controller-manager-1.26.15-150400.9.27.1.aarch64",
"product_id": "kubernetes1.26-controller-manager-1.26.15-150400.9.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-kubeadm-1.26.15-150400.9.27.1.aarch64",
"product": {
"name": "kubernetes1.26-kubeadm-1.26.15-150400.9.27.1.aarch64",
"product_id": "kubernetes1.26-kubeadm-1.26.15-150400.9.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-kubelet-1.26.15-150400.9.27.1.aarch64",
"product": {
"name": "kubernetes1.26-kubelet-1.26.15-150400.9.27.1.aarch64",
"product_id": "kubernetes1.26-kubelet-1.26.15-150400.9.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-kubelet-common-1.26.15-150400.9.27.1.aarch64",
"product": {
"name": "kubernetes1.26-kubelet-common-1.26.15-150400.9.27.1.aarch64",
"product_id": "kubernetes1.26-kubelet-common-1.26.15-150400.9.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-proxy-1.26.15-150400.9.27.1.aarch64",
"product": {
"name": "kubernetes1.26-proxy-1.26.15-150400.9.27.1.aarch64",
"product_id": "kubernetes1.26-proxy-1.26.15-150400.9.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-scheduler-1.26.15-150400.9.27.1.aarch64",
"product": {
"name": "kubernetes1.26-scheduler-1.26.15-150400.9.27.1.aarch64",
"product_id": "kubernetes1.26-scheduler-1.26.15-150400.9.27.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kubernetes1.26-client-bash-completion-1.26.15-150400.9.27.1.noarch",
"product": {
"name": "kubernetes1.26-client-bash-completion-1.26.15-150400.9.27.1.noarch",
"product_id": "kubernetes1.26-client-bash-completion-1.26.15-150400.9.27.1.noarch"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-client-fish-completion-1.26.15-150400.9.27.1.noarch",
"product": {
"name": "kubernetes1.26-client-fish-completion-1.26.15-150400.9.27.1.noarch",
"product_id": "kubernetes1.26-client-fish-completion-1.26.15-150400.9.27.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kubernetes1.26-apiserver-1.26.15-150400.9.27.1.ppc64le",
"product": {
"name": "kubernetes1.26-apiserver-1.26.15-150400.9.27.1.ppc64le",
"product_id": "kubernetes1.26-apiserver-1.26.15-150400.9.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"product": {
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"product_id": "kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"product": {
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"product_id": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-controller-manager-1.26.15-150400.9.27.1.ppc64le",
"product": {
"name": "kubernetes1.26-controller-manager-1.26.15-150400.9.27.1.ppc64le",
"product_id": "kubernetes1.26-controller-manager-1.26.15-150400.9.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-kubeadm-1.26.15-150400.9.27.1.ppc64le",
"product": {
"name": "kubernetes1.26-kubeadm-1.26.15-150400.9.27.1.ppc64le",
"product_id": "kubernetes1.26-kubeadm-1.26.15-150400.9.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-kubelet-1.26.15-150400.9.27.1.ppc64le",
"product": {
"name": "kubernetes1.26-kubelet-1.26.15-150400.9.27.1.ppc64le",
"product_id": "kubernetes1.26-kubelet-1.26.15-150400.9.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-kubelet-common-1.26.15-150400.9.27.1.ppc64le",
"product": {
"name": "kubernetes1.26-kubelet-common-1.26.15-150400.9.27.1.ppc64le",
"product_id": "kubernetes1.26-kubelet-common-1.26.15-150400.9.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-proxy-1.26.15-150400.9.27.1.ppc64le",
"product": {
"name": "kubernetes1.26-proxy-1.26.15-150400.9.27.1.ppc64le",
"product_id": "kubernetes1.26-proxy-1.26.15-150400.9.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-scheduler-1.26.15-150400.9.27.1.ppc64le",
"product": {
"name": "kubernetes1.26-scheduler-1.26.15-150400.9.27.1.ppc64le",
"product_id": "kubernetes1.26-scheduler-1.26.15-150400.9.27.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kubernetes1.26-apiserver-1.26.15-150400.9.27.1.s390x",
"product": {
"name": "kubernetes1.26-apiserver-1.26.15-150400.9.27.1.s390x",
"product_id": "kubernetes1.26-apiserver-1.26.15-150400.9.27.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.s390x",
"product": {
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.s390x",
"product_id": "kubernetes1.26-client-1.26.15-150400.9.27.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x",
"product": {
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x",
"product_id": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-controller-manager-1.26.15-150400.9.27.1.s390x",
"product": {
"name": "kubernetes1.26-controller-manager-1.26.15-150400.9.27.1.s390x",
"product_id": "kubernetes1.26-controller-manager-1.26.15-150400.9.27.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-kubeadm-1.26.15-150400.9.27.1.s390x",
"product": {
"name": "kubernetes1.26-kubeadm-1.26.15-150400.9.27.1.s390x",
"product_id": "kubernetes1.26-kubeadm-1.26.15-150400.9.27.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-kubelet-1.26.15-150400.9.27.1.s390x",
"product": {
"name": "kubernetes1.26-kubelet-1.26.15-150400.9.27.1.s390x",
"product_id": "kubernetes1.26-kubelet-1.26.15-150400.9.27.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-kubelet-common-1.26.15-150400.9.27.1.s390x",
"product": {
"name": "kubernetes1.26-kubelet-common-1.26.15-150400.9.27.1.s390x",
"product_id": "kubernetes1.26-kubelet-common-1.26.15-150400.9.27.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-proxy-1.26.15-150400.9.27.1.s390x",
"product": {
"name": "kubernetes1.26-proxy-1.26.15-150400.9.27.1.s390x",
"product_id": "kubernetes1.26-proxy-1.26.15-150400.9.27.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-scheduler-1.26.15-150400.9.27.1.s390x",
"product": {
"name": "kubernetes1.26-scheduler-1.26.15-150400.9.27.1.s390x",
"product_id": "kubernetes1.26-scheduler-1.26.15-150400.9.27.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kubernetes1.26-apiserver-1.26.15-150400.9.27.1.x86_64",
"product": {
"name": "kubernetes1.26-apiserver-1.26.15-150400.9.27.1.x86_64",
"product_id": "kubernetes1.26-apiserver-1.26.15-150400.9.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"product": {
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"product_id": "kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"product": {
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"product_id": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-controller-manager-1.26.15-150400.9.27.1.x86_64",
"product": {
"name": "kubernetes1.26-controller-manager-1.26.15-150400.9.27.1.x86_64",
"product_id": "kubernetes1.26-controller-manager-1.26.15-150400.9.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-kubeadm-1.26.15-150400.9.27.1.x86_64",
"product": {
"name": "kubernetes1.26-kubeadm-1.26.15-150400.9.27.1.x86_64",
"product_id": "kubernetes1.26-kubeadm-1.26.15-150400.9.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-kubelet-1.26.15-150400.9.27.1.x86_64",
"product": {
"name": "kubernetes1.26-kubelet-1.26.15-150400.9.27.1.x86_64",
"product_id": "kubernetes1.26-kubelet-1.26.15-150400.9.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-kubelet-common-1.26.15-150400.9.27.1.x86_64",
"product": {
"name": "kubernetes1.26-kubelet-common-1.26.15-150400.9.27.1.x86_64",
"product_id": "kubernetes1.26-kubelet-common-1.26.15-150400.9.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-proxy-1.26.15-150400.9.27.1.x86_64",
"product": {
"name": "kubernetes1.26-proxy-1.26.15-150400.9.27.1.x86_64",
"product_id": "kubernetes1.26-proxy-1.26.15-150400.9.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.26-scheduler-1.26.15-150400.9.27.1.x86_64",
"product": {
"name": "kubernetes1.26-scheduler-1.26.15-150400.9.27.1.x86_64",
"product_id": "kubernetes1.26-scheduler-1.26.15-150400.9.27.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64"
},
"product_reference": "kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64"
},
"product_reference": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64"
},
"product_reference": "kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64"
},
"product_reference": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64"
},
"product_reference": "kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64"
},
"product_reference": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64"
},
"product_reference": "kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64"
},
"product_reference": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64"
},
"product_reference": "kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le"
},
"product_reference": "kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.s390x"
},
"product_reference": "kubernetes1.26-client-1.26.15-150400.9.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64"
},
"product_reference": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le"
},
"product_reference": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x"
},
"product_reference": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64"
},
"product_reference": "kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le"
},
"product_reference": "kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.s390x"
},
"product_reference": "kubernetes1.26-client-1.26.15-150400.9.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64"
},
"product_reference": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le"
},
"product_reference": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x"
},
"product_reference": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le"
},
"product_reference": "kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le"
},
"product_reference": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le"
},
"product_reference": "kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le"
},
"product_reference": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64"
},
"product_reference": "kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T14:34:20Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-35469",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-35469"
}
],
"notes": [
{
"category": "general",
"text": "spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count in parseHeaderValueBlock, and individual header field sizes - all read as 32-bit integers and used directly as allocation sizes with no bounds checking. Because SPDY header blocks are zlib-compressed, a small on-the-wire payload can decompress into large attacker-controlled values. A remote peer that can send SPDY frames to a service using spdystream can exhaust process memory and cause an out-of-memory crash with a single crafted control frame. This issue has been fixed in version 0.5.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-35469",
"url": "https://www.suse.com/security/cve/CVE-2026-35469"
},
{
"category": "external",
"summary": "SUSE Bug 1262264 for CVE-2026-35469",
"url": "https://bugzilla.suse.com/1262264"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-1.26.15-150400.9.27.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-common-1.26.15-150400.9.27.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:kubernetes1.26-client-common-1.26.15-150400.9.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T14:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2026-35469"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.